The ‘software’ platform Google Play has removed nine apps for Android with about 6 million downloads that hid Trojans with which they stole access credentials and passwords from the social network Facebook.
As reported by the cybersecurity company Dr. Web in a statement, malicious applications hid a malicious file in functional ‘software’ of different types, such as password managers, image editors or horoscope apps.
The titles of the nine applications were: Processing Photo, App Lock Keep, Rubbish Cleaner, Horoscope Daily, Horoscope Pi, App Lock Manager, Lockit Master, Inwell Fitness, and PIP Photo. The sum of downloads from all of them was 5.8 million.
Dr. Web has warned that, although they have already been removed from Google Play, are still available on third-party platforms and app aggregators.
The affected applications contained a variant of the Trojan Android.PWS.Facebook.15, that uses file formats and Java scripts to steal user information, in this case, their access data to the social network Facebook.
To get access to Facebook access data, the applications asked users to identify themselves with their social network accounts to access ‘premium’ features or stop receiving advertising.
Although the attacks were focused on obtaining user access data, cybersecurity researchers have warned that his method could also be applied to any other type of form on ‘phishing’ sites, and that the Trojans could have been used to steal credentials from any other service.