Another major hack of the Android ecosystem has been detected and it has compromised users’ Facebook credentials fairly. Scary as it may sound, the malware analysts at Doctor Web have identified the Trojan applications. Surprisingly, these apps have a total of more than 5.8 million installs. After this shocking discovery, the nine apps in question were removed from the Play Store. Of these malicious applications, two were photo editing applications: PIP Photo and Processing Photo with more than 5 million and 500,000 installations, respectively.
Other identified applications With the fraudulent theft of Facebook login information from unpretentious users include Rubbish Cleaner, App Lock Keep, App Lock Manager, Lockit Master, Horoscope Pi, Horoscope Daily and Inwell Fitness. If you have any of these installed, uninstall them immediately and change your Facebook password.
These apps disguised themselves as genuine tools and gave users the option to disable in-app ads by logging into their Facebook profile. This is where the scam started when users were presented with a very genuine looking Facebook login page.
The fake form page where users entered their Facebook credentials went straight to the hackers using some clever tricks. This sensitive data is transferred to the attacker’s command and control server, where the hackers logged into the account and stole the authorization session cookies.
The malware within these apps was in five different variants, three of which are native to Android, namely: Android.PWS.Facebook.13, Android.PWS.Facebook.14, and Android.PWS.Facebook.15. Others are Android.PWS.Facebook.17 and Android.PWS.Facebook.18, which use the Google Flutter framework for cross-platform compatibility.
If that’s not enough, the sensitive information is also sent to cybercriminals, who can use the information to cause serious hacking consequences. Even though the damage has already been done, the hackers could have created similar fake login forms for other services to complicate damage control efforts for the good guys.