The tech giant, Google has removed nine apps from its Play Store as researchers discovered that they stole users’ Facebook login details. The apps were hidden in titles that resembled normal tools and utility apps.
Processing Photo, App Lock Keep, Rubbish Cleaner, Horoscope Daily, Horoscope Pi, App Lock Manager, Lockit Master, Inwell Fitness, and PIP Photo were the malicious apps uncovered by Dr. Web’s malware specialists. These apps allegedly worked as trojan virus, stealing Facebook login details from users.
According to the research, the malware apps had a total of 5.9 million downloads on Google Playstore, with PIP Photo alone having 5.8 million downloads, and contained five different malware strains. Google had already withdrawn three children’s apps, Princess Salon, Number Coloring, and Cats & Cosplay, due to privacy concerns.
Users were tricked by these apps, which displayed an exact imitation of Facebook’s login page. Instead, the apps used a JavaScript command to steal their login information. The apps also stole browser cookies from the authorization session, according to reports. There were several malware variations, all of which allegedly used the same JavaScript code to steal user information.
According to sources, app developers of these nine apps have been prohibited on the Google Play Store, preventing those accounts from publishing new apps to the market. While this is a good move for Google, a new developer account can be created for a small charge of $25 under a different identity.
Google has warned the users not to download any apps from unknown developers regardless of the number of app downloads and also advised them to check the devices and Facebook account for any strange activity if installed.
Related: Data Transparency; Google announces its own nutrition labels for apps