Google removed 9 apps from Play Store for stealing user credentials

facebook leak

Google has reported that Google removed 9 Apps from Google Play Store after they found them to be trojans, stealing Facebook user data.

These 9 Apps were stealing Facebook user’s passwords by using identical JavaScript. These trojan apps were found by the digital security platform Dr. Web as a researcher has shared detailed information in his “article”.

As per Dr. Web’s report the trojan apps were using some special mechanism for obtaining Facebook credentials such as password and users sensitive data. Then they sent these stolen Credentials to the attackers or hackers servers. The report also mention that this 9 Apps stole the cookies from current authorization session and then send them to cybercriminals.

Name of the Apps that Stole Facebook Password.

Dr. Web as researchers discovered five malware variants that are integrated into these trojan Apps. Among all these apps, three of them were indigenous Android Apps, while in the other hand remaining two apps used Google’s Flutterwork Framework which was developed for cross-platform compatibility.

Coming to these apps ,  every one of them had over 100,000 downloads. Most of the downloads were for an app whose name is “PIP Photo”, which has 5.8 million downloads on the Google Play Store. The second-most downloaded trojan app from Google Play Store was “Processing Photo”, which had more than 1 million downloads.

Google removed 9 Apps which are banned by google for Stealing Facebook Credentials.
Dr.Web

The other Five apps were Rubbish Cleaner (100,000+ Downloads), Horoscope Daily (100,000+ Downloads), Inwell Fitness (100,000+ Downloads), App Lock Keep (50,000+ Downloads), Lockit Master (50,000+ Downloads), Horoscope Pi (1,000+ Downloads) and App Lock Manager (10+ Downloads).

After Dr. Web, an Antivirus service, reports These apps as trojans, Google took a quick action and remove all these apps from Google Play Store. Moreover, A Google’s spokesperson told Ars Technica that they had banned the app developers of all these 9 Apps from Google Play Store, which will directly stop the developer’s account from publishing any other new apps on the marketplace. This step of Google can be taken as Positive. But the only loophole is New Developer account with a new name can be created with a nominal fee of $25 (roughly Rs 1,900).

Incase If you have downloaded any of these Trojan Apps on your Smartphones, then we will recommend you to Uninstall it immediately and also change your Facebook password. After taking this steps you can go to “have i been pwned?” website to check whether your Facebook Credentials were stolen or not.

Also read- How to Stop Facebook from tracking your Browsing activity.