Notice to Android users: a new threat has hit the Play Store. The app store hosted nine dangerous applications, which Google has just removed from the platform after their true nature was discovered. In an investigation by Dr. Web, specialists exposed the hidden purpose of these programs, which were built to steal your Facebook credentials.

The nine apps are no longer available on the Android app store, but the problem persists for all users who had already downloaded them. In all, these applications accumulated more than 5.8 million downloads. They were aimed at the general public, as with the horoscope application called “Daily Horoscope”.

Your Facebook account targeted

To achieve their objective, each of the applications displayed a standard Facebook login interface and used JavaScript to capture and save the username and password.

“This JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the Trojan applications, which then forwarded the data to the attackers’ C&C server. Once the victim logged into their account, the Trojans also stole the cookies from the current authorization session. These cookies were also sent to cybercriminals,” explains Ars Technica.
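
A static triage heuristic for the pattern described above, as an added example that is not from Dr. Web or Ars Technica: it flags decompiled source that loads a third-party page in a WebView, exposes a JavaScript bridge, and injects script or reads cookies. The regexes, the `triage` function, both sample snippets and the `example.com` domain are assumptions constructed for illustration.

```python
import re

# Static signals for the WebView pattern. The regexes and the scoring rule
# are assumptions made for this example, not Dr. Web's detection method.
SIGNALS = {
    "js_enabled": re.compile(r'\.setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'\.addJavascriptInterface\(|@JavascriptInterface\b'),
    "js_injection": re.compile(r'\.evaluateJavascript\(|\.loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r'CookieManager\.getInstance\(\)\s*\.getCookie\('),
}
REMOTE_URL = re.compile(r'\.loadUrl\(\s*"https?://([^/"]+)')  # host of a loaded page

def triage(source, own_domains=()):
    """Return (findings, foreign_hosts, suspicious) for one decompiled file.

    suspicious: a page from a domain the app does not own is loaded AND a
    JS bridge is exposed AND script is injected or cookies are read.
    """
    findings = {name for name, rx in SIGNALS.items() if rx.search(source)}
    foreign = sorted(
        host for host in REMOTE_URL.findall(source)
        if not any(host == d or host.endswith("." + d) for d in own_domains)
    )
    suspicious = (bool(foreign) and "js_bridge" in findings
                  and bool(findings & {"js_injection", "cookie_read"}))
    return findings, foreign, suspicious

# Constructed sample: the shape of the reported behaviour, payload omitted.
SUSPECT = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://www.facebook.com/login.php");
w.evaluateJavascript(script, null);
String c = CookieManager.getInstance().getCookie(url);
'''
# Constructed sample: an app showing its own help page through a bridge.
BENIGN = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new HelpBridge(), "help");
w.loadUrl("https://help.example.com/faq");
'''

if __name__ == "__main__":
    for name, src in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, triage(src, own_domains=("example.com",)))
```

A hit is a reason to review the file by hand, not a verdict: legitimate apps also embed third-party login pages, and obfuscated code can hide every one of these calls.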

Why did Google let such programs onto its Play Store? We know that getting accepted on the Android app store is difficult and that its security checks are increasingly strict. But here the malware appears to have been discreet enough to escape Google's detection, especially since the data-stealing software was available in five variants, Dr. Web reports.

The list of applications

Without further ado, here is the list of apps known to be malicious and removed from the Play Store. The majority of downloads come from the leading one, the photo app PIP Photo, with over five million downloads.

  • PIP Photo (5.8 million downloads)
  • Rubbish Cleaner (over 100,000 downloads)
  • Inwell Fitness (over 100,000 downloads)
  • Daily Horoscope (over 100,000 downloads)
  • App Lock Keep (over 50,000 downloads)
  • Lockit Master (over 5,000 downloads)
  • Horoscope Pi (over 1,000 downloads)
  • App Lock Manager (10 downloads)

Google’s response is certainly open to question. The apps are no longer available and the developer accounts have been deleted, but it costs only $25 to create a new developer account and start submitting apps to the Play Store again. Google will have to take such new malicious programs into account and ensure that they cannot find their way back onto our Android smartphones.
