Android apps that steal Facebook passwords have repeatedly existed and now booted out of the Google Play Store. Photo editing, horoscope, and junk files removal apps are secretly collecting their login credentials.
Google only knew that highly downloaded apps have been sneaking their way to its official app marketplace after security firm, Dr. Web, performed malware research.
The scheme wherein apps mask themselves as utility apps is nothing new. For instance, on July 1, 2020, there were a total of 25 Android apps that were also caught collecting Facebook login credentials.
That said, repeated incidents of Facebook login stealing Android apps is likely to happen again. More on how to avoid it later.
Android Apps Stealing Facebook Passwords
Dr. Web reported that the malicious acts begin by prompting its users to disable in-app ads, but there is a catch. Understandably, it is annoying to see promotional banners or pop-ups as you are using an app. Even more, if it is something you will use as a utility tool.
So, it entices users to remove such annoyance for free.
But it turns out that removing the in-app ads will force users to log in to their Facebook accounts on the secretly malicious apps.
According to ArsTechnica, those who decide to go on with the prompt were welcomed with what seems to be a real Facebook login page, wherein users input their emails and passwords.
After doing so, folks editing their selfies, or let's say checking out if their next potential date aligns with their zodiac sign, will now enjoy the said apps without being bothered by promotional banners or pop-ups.
The researchers of Dr. Web added that these apps plant trojans that could initially harvest Facebook logins. However, the criminal minds could further opt to access other accounts as well.
How To Avoid Android Apps Stealing Login Credentials
As much as Google Play has already removed the apps that stole login credentials, there is no guarantee that such incidents will never happen again.
Google has further banned the developers involved, meaning that they will not be welcomed again in the Play Store. However, that does not mean that there is no loophole for that. The criminal minds could easily sign up under a new name and their back with their scheme.
According to Digimantralabs, it will help to limit the information that apps have permission to get.
Also, be critical if the said function of the app really needs the information that it asks from you. For instance, will a flashlight app need your payment details or exact location?
Meanwhile, ArsTechnica said in the same report that installing an Android antivirus app also helps in detecting apps that plants malware to your devices.
List of Android Apps Involved
If the apps below used to be installed on your Android device, it would be best to change your Facebook passwords immediately.
- PIP Photo
- Processing Photo
- Rubbish Cleaner
- Horoscope Daily
- Horoscope Pi
- Lockit Master
- App Lock Manager
- Inwell Fitness
Elsewhere, Apple App Store also had its fair share of information stealing apps.
Related Article : Android Apps Will No Longer Track Users Who Opted Out of Ads Thanks to Google's Latest Strict Policy
This article is owned by Tech Times
Written by Teejay Boris