New Delhi: Google keeps monitoring Android apps for any threat they may pose to users' data security. Even though several apps are routinely deleted on Play Store over the security concerns, more such platforms infringing on users' privacy keep cropping up.


According to a new research report, Android apps that have more than 5.8 million downloads on the Google Play store have been found prying on users’ Facebook passwords.

Security firm Doctor Web has published a report wherein it informed about 9 trojan apps that offer commonly-used photo editing and app lock features while discreetly stealing users' Facebook passwords.


ALSO READ | Twitter Failed To Comply With New IT Rules Leading To Loss Of Immunity: Centre Tells Delhi HC


All these apps found on the Google Play store have nearly 6 million downloads. Google removed some of these apps from the Play store, as of July 1, 2021, when the report was published, it claims.


Among these, the PIP Photo app was the most downloaded as it had 5 million downloads of its own.


Here are the trojan apps that you need to uninstall:



  • PIP Photo

  • Processing Photo

  • Rubbish Cleaner

  • Horoscope Daily

  • App Lock Keep

  • Lockit Master

  • Horoscope Pi

  • App Lock Manager

  • Inwell Fitness


How do apps steal Facebook passwords?


These harmless-looking apps give users the option to unlock more features and disable in-app advertisements by logging into their Facebook accounts and then the Google and Facebook login option is misused to steal passwords of unsuspecting users.


Here's how the research firm described their method of operation: “After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials".


"After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals,” the report adds.


What to do if apps are installed?


Google has removed all of these apps from the Play Store and has reportedly banned their developers from submitting any new apps.


Users who have these apps downloaded on their devices and especially those who used the Facebook login option are recommended to revoke the permission given to these apps from accessing your Facebook account. Users should change their Facebook account password as well besides uninstalling such apps.