Apps from the Play Store that have millions of downloads aren’t necessarily reliable, and a new discovery of researchers from Dr. Web proves it. According to LifeHacker.com, those guys found nine apps that gathered over 5.8 million combined downloads that had also been secretly stealing Facebook passwords of users.
The pesky apps were using a genuine Facebook login page for their dirty gimmick. If you’ve downloaded any of the apps, it’s time to delete them from your phone ASAP and change your Facebook password.
Google has removed the fraudulent apps from the Play Store
The researchers responsible for the discovery revealed that the developer known as chikumburahamilton created the apps apparently for horoscopes, photo editing, junk cleaning, and more. Behold the full list of fraudulent apps:
– PIP Photo
– Processing Photo
– Rubbish Cleaner
– Inwell Fitness
– Horoscope Daily
– App Lock Keep
– Lockit Master
– Horoscope Pi
– App lock Manager
At some point, these apps would prompt the victims to log in to their Facebook accounts for unlocking the full functionalities of the software. If the users fall for it, the apps would start their C&C server for copying and storing data from a webpage. The apps started to load the legitimate Facebook login page after receiving the settings from the servers. A JavaScript code ultimately kicked in and started to copy the username and password.
What can we do to avoid such unpleasant scenarios and dangerous apps? Being extremely precautious before installing anything from the internet is one of the best ways. Just because an app was downloaded millions of times doesn’t necessarily mean that it’s safe to install. Second, we can install some decent antivirus and anti-malware software on our phones, such as Avast, Comodo, Malwarebytes, and so on. Many of these software include a free trial period, which is perfect for deciding if it’s worth going for a Premium version or not.