Not long ago Google abolished nine malignant apps from the Play Store subsequently they found sneaking Facebook users login credentials.
These malwares was observed by a special technique to ploy users into divulging their login credentials by providing some photo editing and other features. This was track down by security researchers at Dr. Web.
“Doctor Web’s malware analysts have discovered malicious apps on Google Play that steal Facebook users’ logins and passwords. These stealer trojans were spread as harmless software and were installed more than 5,856,010 times.”
The 9 malware apps were Processing Photo, App Lock Keep, Rubbish Cleaner, Horoscope Daily, Horoscope Pi, App Lock Manager, Lockit Master, Inwell Fitness, and PIP Photo.
As per Dr. Web’s statement these apps were highly functioning and also to debilitate the surveillance of losers. The add performing in the middle of some apps are real and this intrigue was conscious to stimulate the device holder to execute the necessary actions.
A social network login page will appear on the screen when the users click the login icon. But it was a fake page in order to sneak the users ID and Password.
By use of this Java script Interface annotation the sneaked credentials were given to the malignant applications and then to C&C server. When the victim log in to their account their cookies were sneaked by the Trojans and handover to cyberpunks.
After Dr. Web’s report went live, Google removed all the nine malicious apps from the Play Store. In addition, it has also banned developers of these apps from submitting any new apps, according to ArsTechnica.
They suggested to android users to install apps from known resources and also to check the other users reviews. They also mention that the users should be alert that which apps are asking them to login their accounts.