These 9 Android apps might have stolen your Facebook password


Despite the seemingly unstoppable wave of cyberattacks that should teach users to improve their defenses against, not all internet users learn from their mistakes. Some people recycle the same login credentials across different apps and services. Using the same username, email, and password on multiple sites might be convenient. You only have to remember those details, and then you can log into all the sites you need to. But that’s what hackers count on. That’s why they want to steal your Facebook password, hoping they’ll be able to hack into more sensitive accounts using those credentials.

Researchers discovered that nine Android apps that got more than 5.8 million combined downloads from the Google Play store. The apps  included malicious code that allowed hackers to steal Facebook passwords.

Today’s Top Deal Newest Nest Thermostat just hit a new all-time low price at Amazon – $12 less than Prime Day! Price:Was $130, Now $87.99! Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

A report from Dr. Web (via ArsTechnica) explains that the apps in question looked like legitimate apps. They offered basic photo editing features to mask their malicious purpose. But the developers used the apps to steal Facebook passwords.

Google is aware of the problem, and the apps are no longer available from the Google Play store. But that doesn’t do much for users who had already downloaded and installed any of them.

Facebook password hacked; what next?

The attackers came up with a clever way to steal Facebook credentials. They told users they could eliminate ads simply by logging into their Facebook accounts. Unsuspecting users might have signed in without thinking twice. Using Facebook to log into apps is part of the internet experience, after all.

That’s how the hackers stole the Facebook passwords:

These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.

If you use the same username/password combination for Facebook and other online apps, you should consider changing all of them. An attacker with access to your Facebook credentials might try the same combination for your email, internet banking, and online stores. They could do some serious damage with that information. That’s why each app and service must have its own password.

If you have downloaded one of the nine apps below, you should consider changing your Facebook password immediately. Then do the same with every other service where you’ve recycled the Facebook credentials.

You should also check your Facebook account for fraudulent activity and do the same with other online accounts that have the same username and password.

Facebook Password Hack
These 9 Android apps contain malicious code that can steal Facebook passwords. Image source: Dr. Web

The malicious Android apps

Dr. Web identified all the apps that included malicious code capable of stealing Facebook passwords. It’s unclear how many Facebook users were impacted, but the discovery shows that attackers might employ similar attacks to steal logins from other websites.

Google removing the apps from the Play Store isn’t enough to protect you. You should delete any of the following apps from your devices right away:

  • PIP Photo: more than 5.8 million downloads
  • Processing Photo: more than 500,000 downloads
  • Rubbish Cleaner: more than 100,000 downloads
  • Inwell Fitness: more than 100,000 downloads
  • Horoscope Daily: more than 100,000 downloads
  • App Lock Keep: more than 50,000 downloads
  • Lockit Master: more than 5,000 downloads
  • Horoscope Pi: 1,000 downloads
  • App Lock Manager: 10 downloads

Furthermore, using an anti-virus solution for your Android smartphone or tablet might also help.

Today’s Top Deal OMG… the $60 diamond stud earrings Amazon shoppers rave about are finally back in stock! Price:$59.90 Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.


For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
Leave a comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More