The Android ecosystem has encountered a new batch of virus that hide themselves in applications. Nine of these were available on the Google Play Store until recently. A new study from a cybersecurity firm has revealed that there were 10 such apps that were found to be laced with a trojan virus. Some of these apps have been downloaded 5 million times. While Google Play Store may have removed these apps, users who might have downloaded the apps should also delete them from their device in order to steer clear from any further compromise.
A cybersecurity service provider, DrWeb has published a new report showcasing the discovery of malicious apps on Google Play Store that steal Facebook users’ logins and passwords. The report suggests that these stealer trojans were spread as harmless software and were installed more than 5,856,010 times.
According to the report, the applications were fully functional when they were first downloaded. This caused users to drop their guard against any potential harm. Once the app was in use, the applications offered users some extra benefits if users logged into their Facebook accounts. One of the benefits was to disable in-app ads. The advertisements inside some of the apps were indeed present, and this manoeuvre was intended to further encourage Android device owners to perform the required actions.
If users agreed and clicked the login button, they saw a standard social network login form.
According to the DrWeb report, these trojans then used a special mechanism to trick their victims. After receiving the necessary settings from one of the command-and-control (C&C) servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to highjack the entered login credentials.
After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.
The report further claims that the malicious programs received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.
Here’s the list of applications flagged by the cyber security service provider:
- Processing Photo by the developer chikumburahamilton
- App Lock Keep from the developer Sheralaw Rence
- Rubbish Cleaner from the developer SNT.rbcl
- Horoscope Daily from the developer HscopeDaily momo
- Horoscope Pi from the developer Talleyr Shauna
- App Lock Manager from the developer Implummet col
- Lockit Master from the developer Enali mchicolo
- Inwell Fitness from the developer Reuben Germaine
- PIP Photo by the developer Lillians
EditorPhotoPip was another app that was removed from the Play Store much earlier.
Never miss a story! Stay connected and informed with Mint.
Download
our App Now!!
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
