Most worryingly, these apps have been downloaded from the Play Store more than 5,8 million times. The applications looked normal and did what they said they were doing, such as image editing, exercise or training.
Because they contained ads, users had the option to disable them by linking the application to Facebook. Initially, although they loaded the actual page, they redirected users to another page that was very similar to its login form. Facebook. The malware intercepted the login credentials and forwarded them to the hackers' command and control server along with the cookies from other authentication sessions.
The security researchers of Dr. Web they said:
The analysis of malicious programs (malware) showed that all applications had settings for stealing logins and passwords from their accounts Facebook. However, intruders could easily change the settings to load the website of another legitimate service. They could also use a completely fake login form found on another site (phishing).
In the following list you will see which applications contained malware:
The PIP Photo app had the most downloads (5,8 million). The following are:
- Horoscope Pi: about 1.000 downloads
- Lockit Master about 5.000 downloads
- App Lock Manager: about ten downloads
- Horoscope Daily: about 100.000 downloads
- App Lock Keep: about 50.000 downloads
- Inwell Fitness: about 100.000 downloads
- Rubbish Cleaner: about 100.000 downloads
- Photo Processing: approximately 500.000 downloads
Applications have already been removed from Google Play Store and the Google blacklisted the creators of all nine applications, preventing them from submitting new ones. That of course does not say anything.
Η Google he should improve the security systems he uses, and stop taking half measures.