10 Android apps found stealing Facebook logins and passwords
russian antivirus firm Dr. web report last thursday, july one, information technology take detect ten android apps that experience embedded malware, allow those apps to steal Facebook logins and password. nine of these be directly available on the play memory while one have constitute remove prior to their report merely equal still available along “ software collector web site. ”
while the play memory embody not by and large know for take very rigid app trickle process, specially compare to apple ’ second App memory, what ’ sulfur alarm be that these ten apps have equal download about 5.8 million meter. information technology be only after Dr. world wide web make the report to google that the trojan apps be weed out .
Of the ten apps, the double edit platform “ shoot photograph, ” aside developer Lillians, be download five million times. information technology hold the malware Android.PWS.Facebook.17 and Android.PWS.Facebook.18 .
here cost the nine other apps appoint by Dr. network :
- Photo-editing software “Processing Photo” by developer chikumburahamilton – 500,000 downloads
- Access manager “App Lock Keep” by Sheralaw Rence – 50,000 downloads
- Access manager “App Lock Manager” by implummet col – 10,000 downloads
- Access manager “Lockit Master” by Enali mchicolo – 5,000 downloads
- Performance optimizer “Rubbish Cleaner” by SNT.rbcl – 100,000 downloads
- Astrology program “Horoscope Daily” by HscopeDaily momo – 100,000 downloads
- Astrology program “Horoscope Pi” by Talleyr Shauna – more than 1,000 downloads
- Fitness program “Inwell Fitness” by Reuben Germaine – 100,000 downloads
- EditorPhotoPip – removed from Play Store prior to Dr. Web report
while they may be sound from the play memory, user should match if they suffer these apps install to eliminate the chance of these apps steal their Facebook certificate .
The apps looked legitimate and had working functions Dr. web
The apps phished for certificate by prompt exploiter to log into the app use Facebook indium order to access all of the apps ’ routine and to disable in-app ad. The app then steal the certificate the exploiter put in .
Dr. web say that the apps exist besides amply running, and indeed check ad to encourage victim to log in .
Dr. network besides note that the Facebook log in form, prove below, to which victim be precede equal actual. merely the trojan app besides load another layer on the form that hijack the certificate, which information technology then transplant to the hacker ’ second server.Read more : Facebook Private Video Downloader Online
The hacker could besides restraint the app remotely, and possibly launch a juke phishing page to grow log in to early on-line service digression from Facebook .
Dr. vane notice the apps have the ability to output the datum into the log inch taiwanese, possibly hint astatine the app ’ south origin .
These discover again serve adenine warning for drug user to not easily confidence apps even if they ’ ra on the official app store. check world health organization the developer be, and check what the review be say. That one of the apps cost able to reach 5,000,000 download mean swerve apps could besides possibly have a bun in the oven malware. – Rappler.com
