07 July 21, 17:04
Quote: A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them.
According to Dr. Web’s malware analysts, the applications were fully functional, so that victims remained in the dark about the fact they had downloaded malware to their Android devices. Pop-ups, however, informed users that to access all of the apps’ functions and to disable in-app ads, users would need to log into their Facebook accounts. Once they did, their passwords and user names were harvested.
“The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions,” researchers said in a recent posting.
The malicious apps were detected as trojans called Android.PWS.Facebook.13, Android.PWS.Facebook.14, Android.PWS.Facebook.17 or Android.PWS.Facebook.18, according to the firm – all slight variations on the same code.
“While the Android.PWS.Facebook.13 [and] Android.PWS.Facebook.14 … are native Android apps, the Android.PWS.Facebook.17 and Android.PWS.Facebook.18 are utilizing the Flutter framework designed for cross-platform development,” researchers explained. “Despite this, all of them can be considered modifications of the same trojan since they use identical configuration file formats and identical JavaScript scripts to steal user data.”
Read more: Android Apps in Google Play Harvest Facebook Credentials | Threatpost