How your Facebook logins are ‘stolen’
Google has deleted nine Android apps from the company’s Play marketplace amid concerns the apps used a sneaky way to steal users’ Facebook login credentials.
The apps reportedly appeared normal and required users to log in using their Facebook accounts.
This is common, but in this case, the apps contain trojan malware which is installed right after the users log into their accounts.
Users who chose the option saw a genuine Facebook login form containing fields for entering usernames and passwords.
In a bid to win users’ trust and lower their guard, the apps provided fully functioning services for photo editing and framing, exercise and training, horoscopes, and removal of junk files from Android devices.
The nine apps have cumulatively garnered more than 5.8 million downloads.
Although designed to steal Facebook passwords, the report says that the attackers could have easily changed the trojan’s settings and commanded them to load the web page of another legitimate service.
According to a post published by security firm Dr. Web, the apps attract users to disable in-app ads by linking to their Facebook profiles.
When a user goes to link to his profile, they see an original form that asks them to enter their username and Facebook password.
“They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service,” they said.
The apps have been removed from Google’s play store, but some people could still have them on their phones or tablets. Check for the nine apps below:
· Processing Photo
· App Lock Keep
· Rubbish Cleaner
· Horoscope Daily
· Horoscope Pi
· App Lock Manager
· Lockit Master
· Inwell Fitness
· PiP Photo
Android users are advised to download apps from trusted developers and pay attention to reviews on the page.
If you suspect that the app you are about to download is suspicious, skip it.
Anyone who has downloaded one of the above apps should thoroughly examine their device and their Facebook accounts for any signs of compromise.