AT LEAST nine apps have had to be removed from the Google Play Store after they were caught stealing Facebook passwords.
Security researchers found ten ‘trojan’ Android apps stealing Facebook usernames and passwords, nine of which were available on Google Play.
Some of the malicious apps posed as security software (Credit: App Lock Keep)
The researchers from Dr. Web say the apps had been downloaded a staggering 5,856,010 times.
They presented themselves as innocent useful software like photo apps, security apps and horoscope apps.
Android users should check their phones for apps called Processing Photo, App Lock Keep, Rubbish Cleaner, Horoscope Daily, Horoscope Pi, App Lock Manager, Lockit Master, Inwell Fitness, and PIP Photo.
Google has removed all the offending apps from the Play Store.
The offending apps have been removed from the Google Play Store but they’d already been downloaded millions of times (Credit: Alamy)
Google also banned the app developers.
Those developers were said to use an old trick to steal Facebook details.
The malicious apps promised to remove in-app ads if users logged in via their Facebook account.
The Dr. Web report explains: “These trojans used a special mechanism to trick their victims.
“After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView.
“This script was directly used to hijack the entered login credentials.”
You should research any apps you download and be wary of any that look suspicious.
If you have downloaded one of the offending apps, delete it immediately and change your Facebook password and any account details that use the same password and login.
How to stay safe from hackers
- Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats.
- Use multi-factor authentication to reduce the impact of password compromises.
- Tell staff how to report suspected phishing emails, and ensure they feel confident to do so. Investigate their reports promptly and thoroughly.
- Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions.
- Prevent and detect lateral movement in your organisation’s networks.