Google is still racing to remove Android apps that violate major privacy laws. According to Ars Technica, Google has removed nine apps from the Google Play Store after Dr. Web analysts discovered they were trojans stealing Facebook login information.
MORE FROM RAVZGADGET: Hackers Conduct One Of The Largest Supply Chain Cyberattacks To Date
The malware had over 5.8 million combined downloads and posed as easy-to-find titles such as “Horoscope Daily” and “Rubbish Cleaner.”
The apps duped users by displaying the genuine Facebook sign-in page before loading JavaScript from a command and control server to “hijack” credentials and pass them along to the app (and thus the command server).
They would also steal authorization session cookies. In each case, Facebook was the intended destination, but the creators could have easily directed users to other internet services.
There were five malware variants in the mix, but they all stole data using the same JavaScript code and configuration file formats.
Google told Ars that it had banned all of the app developers from the store, which may not be much of a deterrent given that the perpetrators can easily create new developer accounts. To keep the attackers out, Google may need to screen for malware.
The question is, of course, how the apps accumulated as many downloads as they did prior to the takedown. Google’s largely automated screening keeps a lot of malware out of the Play Store.
The subtlety of the technique may have allowed the rogue apps to slip past these defenses, leaving victims unaware that their Facebook data had been compromised.
MORE FROM RAVZGADGET: ‘Dune’ Release Shifted Again To Another Three Weeks; October 22nd
Whatever the reason, it’s safe to say that downloading utilities from unknown developers, no matter how popular they appear, should be avoided.
Follow @Ravzgadget on Twitter, Instagram, and like our page of Facebook.com/ravzgadget for the latest technology news.