Google Drops Popular Android Apps That Stole Facebook Data

The question is, of course, how the apps accumulated as many downloads as they did prior to the takedown. Google's largely automated screening keeps a lot of malware out of the Play Store.

Google Drops Popular Android Apps That Stole Facebook Data - Ravzgadget
Google Drops Popular Android Apps That Stole Facebook Data
Share this article with friends

Google is still racing to remove Android apps that violate major privacy laws. According to Ars Technica, Google has removed nine apps from the Google Play Store after Dr. Web analysts discovered they were trojans stealing Facebook login information.

MORE FROM RAVZGADGET: Hackers Conduct One Of The Largest Supply Chain Cyberattacks To Date

The malware had over 5.8 million combined downloads and posed as easy-to-find titles such as “Horoscope Daily” and “Rubbish Cleaner.”

The apps duped users by displaying the genuine Facebook sign-in page before loading JavaScript from a command and control server to “hijack” credentials and pass them along to the app (and thus the command server).

They would also steal authorization session cookies. In each case, Facebook was the intended destination, but the creators could have easily directed users to other internet services.

There were five malware variants in the mix, but they all stole data using the same JavaScript code and configuration file formats.

Google told Ars that it had banned all of the app developers from the store, which may not be much of a deterrent given that the perpetrators can easily create new developer accounts. To keep the attackers out, Google may need to screen for malware.

The question is, of course, how the apps accumulated as many downloads as they did prior to the takedown. Google’s largely automated screening keeps a lot of malware out of the Play Store.

The subtlety of the technique may have allowed the rogue apps to slip past these defenses, leaving victims unaware that their Facebook data had been compromised.

MORE FROM RAVZGADGET: ‘Dune’ Release Shifted Again To Another Three Weeks; October 22nd

Whatever the reason, it’s safe to say that downloading utilities from unknown developers, no matter how popular they appear, should be avoided.

Follow @Ravzgadget on Twitter, Instagram, and like our page of Facebook.com/ravzgadget for the latest technology news.

Share this article with friends
SOURCERavzgadget
Juanita Benson loves following technology inventions and stories a whole lot before being hired by Ravzgadget to start writing instead of just reading. I see this rare opportunity as golden. Thanks to my new team.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments