Google has found 9 malware applications that stole Facebook passwords from users of Android devices, according to a research by Dr. Web.
Most worryingly, these apps have been downloaded from the Play Store more than 5,8 million times. The applications looked normal and did what they said they were doing, such as image editing, exercise or training.
Επειδή περιείχαν διαφημίσεις, οι χρήστες είχαν την επιλογή να τις απενεργοποιήσουν συνδέοντας την εφαρμογή με το Facebook. Αρχικά αν και φόρτωναν την πραγματική σελίδα, ανακατευθύναν τους χρήστες σε μια άλλη σελίδα που έμοιαζε πολύ με τη φόρμα σύνδεσης του Facebook. Το κακόβουλο λογισμικό υπέκλεπτε τα διαπιστευτήρια σύνδεσης και τα διαβίβασε στον διακομιστή orders και ελέγχου των hackers μαζί με τα cookies from other authentication sessions.
The security researchers of Dr. Web they said:
Analysis of the malware showed that all of the apps had settings to steal logins and passwords from Facebook accounts. However, attackers could easily change the settings to load another legitimate service's website. They could also use a completely fake login form located on another site (Phishing).
In the following list you will see which applications contained malware:
The PIP Photo app had the most downloads (5,8 million). The following are:
- Horoscope Pi: about 1.000 downloads
- Lockit Master about 5.000 downloads
- App Lock Manager: about ten downloads
- Horoscope Daily: about 100.000 downloads
- App Lock Keep: about 50.000 downloads
- Inwell Fitness: about 100.000 downloads
- Rubbish Cleaner: about 100.000 downloads
- Photo Processing: approximately 500.000 downloads
The apps have already been removed from the Google Play Store, and Google has blacklisted the creators of all nine apps, preventing them from submitting new ones. That of course does not say anything.
Google should improve the security systems that uses, and to stop taking half measures.