People use social media websites like Facebook on a daily basis. These platforms are an essential part of human lives now. Since people spend so much time scrolling through these platforms, one account tells almost everything about him. Who are the people that he knows, and what are his interests? Their accounts can even contain their secrets. That is why it is not a good idea to share account information. A person who would do so will put himself at risk of many dangers. So, as much as possible, Facebook users should treat them as private properties.
The problem is hackers exist. For various malicious objectives, they try to take over someone else’s account. Of course, no one would willingly give them the information that they need. Therefore, they rely on other methods, such as using malware.
In fact, Google Play just removed nine trojan apps from the store. These android applications disguise themselves as harmless software so no one would suspect them. However, researchers found that they hide malware that steals the user’s Facebook log-in information.
These apps had a total of more than 5.8 million downloads combined. One of the apps is responsible for the 5 million downloads. The second-largest contributor, on the other hand, had half a million downloads.
Those who installed these applications are advised to change their Facebook credentials to be safe. The apps span many industries, even buying Facebook followers. Be sure to use our reviews and only buy Facebook followers from the trusted sites we have reviewed so you can shop safely!
How Do They Steal The Information?
Again, like the Trojan horse, these apps present themselves as harmless software. They could be providers of daily horoscopes or photo editing software. However, Russian anti-virus software firm Dr. Web discovered they contain malicious codes.
The applications have premium features that users can only unlock by logging into Facebook. Many applications let users sync them to social media, so they would not be suspicious.
If they chose to do this, the app would load the legitimate Facebook webpage into WebView. Subsequently, they loaded JavaScript received from the command-and-control (C&C) server into the same WebView. The C&C is the computer used by the hacker. After the user typed their log-in information, the script transfers their data to the C&C. Aside from the log-in and password, the malware also steals cookies from the current authorization session. These are sent to the cybercriminals as well.
The Five Malware Variants
Found within the applications are five malware variants. The analysts identified them as Android.PWS.Facebook.13, Android.PWS.Facebook.14, and Android.PWS.Facebook.15. These three are native to Android Apps. The last two are Android.PWS.Facebook.17 and Android.PWS.Facebook.18, which uses Google’s Flutter network for cross-platform compatibility. Dr. Web classifies all five as the same trojan. They use nearly identical methods, code, and file formats to steal user data.
The Nine Trojan Apps
At this time of writing, Google Play has already removed the apps from the Playstore. They also banned the developers, preventing them from submitting other a
applications.
However, people can still find APK files of the said apps on the internet. That is unfortunate because unsuspecting users may fall victim to their schemes. This should serve as a warning. If an app is not on the Playstore, you should not install it without further research. To be safe, do not think of installing it at all.
For more information, here is a list of the nine trojan apps removed from Google Play:
- Processing Photo – This app was made by the developer chikumburahamilton. It is a photo editing software. The sad thing is, this one was pretty popular. It had over 5 million downloads on Google Play. Who knows how many of them gave away their log-in information.
- PIP Photo – this is another photo editing software made by the developer Lillians. It lets users put frames on their photos.
- Rubbish Cleaner – This application from the developer SNT.rbcl allows users to scan and clean cache and junk files from their phones.
- App Lock Keep – from the developer Sheralaw Rence. This application lets users set a different lock, password/code on different apps separate from the phone lock.
- App Lock Manager – This app from the developer Implummet col allows users to lock their video and photo apps.
- Lockit Master – This app from the developer Enali mchicolo is similar to App Lock Keep. It allows users to lock settings, videos, photos, and apps so users would “not need to worry about privacy leakage.”
- Horoscope Daily – This is an app from the developer HscopeDaily momo. Aside from daily horoscopes, it provides other features like zodiac compatibility and such.
- Horoscope Pi – Developer Talleyr Shauna made this app. It gives free daily horoscopes, tarot reading, and love compatibility tests.
- Inwell Fitness – This is a physical fitness app from the developer Reuben Germaine. It helps people in exercising.
The developers are really clever in this. Each one of the apps targets a specific set of people. They fill a niche that users can find interesting. On top of that, they made these apps fully functional. Based on their download count, people find them useful—what a way to fool people!
If you have installed any of these and logged in to Facebook through them, your account is in danger. It would be best if you swiftly update your Facebook information. That is if you can still access it. Also, you should check your other online accounts for suspicious activity.
Related To This
A commenter on the Dr.Web website cited a 2018 USENIX security paper related to this. It was titled “An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications.” It pointed out that hackers can use WebView to steal user credentials and cookies. In the study, they found 21 apps in Google Play that do this malicious practice.
If Google did something to stop them, the malware bypassed that by evolving. Because Android is an open-source operating system, it is easier for them to do so.
There are a number of things users can do to protect themselves from viruses and malware. They can always check the permissions required by the app. Also, users can download an antivirus. Furthermore, users can check the reviews on the app store and the replies of the developers. It might be tedious, but these should keep them safe from malware attacks like this.
