Google removed apps with 5.8 million downloads that stole users data


According to Doctor Web found malware apps on Google Play steal Facebook users’ logins and passwords. These apps were downloaded by the users more than 5,856,010 times. These apps are mainly used for photo editing and framing, exercise and training, horoscopes, and unwanted files from Android devices.

What exactly happened?

This software takes a user to the replica of the Facebook login page, which was a malware program. As soon as a user login to a page that looks like Facebook, they steal the user’s ID and password.

They developed the script which directly used to highjack the entered login credentials. After that, this JavaScript, using the methods provided through the Javascript Interface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server.

After the victim logged into their account, the trojans also stole cookies from their current authorization session. Those cookies were also sent to cybercriminals.

Dr Web Anti-Virus detected a photo-editing software called Processing Photo as Android.PWS.Facebook.13 and was spread by the developer Chikumburahamilton. It was installed over 500,000 times.

Other apps included Rubbish Cleaner, Inkwell Fitness, Horoscope Daily, which nearly had 1 Lakh downloads each, App Lock Keep, Lockit Master with 50,000 downloads each. Horoscope Pi with 1000 downloads and App Lock Manager with ten downloads.

The malwre variants identified by Dr Web are Android.PWS.Facebook.13Android.PWS.Facebook.14Android.PWS.Facebook.15Android.PWS.Facebook.17, and Android.PWS.Facebook.18. Anyone who has downloaded these apps should thoroughly examine their device and Facebook account for suspicious activities. If you have installed any of these apps on your Android device, uninstall them immediately. Also, make sure to reset your Facebook password and enable 2-factor authentication to be on the safer side.

It is not the first time Google has banned malicious software; recently, A few Google Play Store applications have been spotted with Joker malware.

The malware, without the consent of the user, steals the data. According to the Quick Heal report, during intial launch these applications ask for notification permission, which is used to get notification data.

The application then goes on to take SMS data from notification and asks for Contacts access. When login access is provided, the app makes and manages phone call permission. After that, it continues to work without showing any visible malicious activity to the user.

Joker Trojan malware has been spotted in Google Play Store apps for the past three years. A recent report by Quick Heal Security Labs spotted 8 Joker malware on Google Play Store.

These eight applications were reported to Google, and the Google Play removed all the applications from their store. Quick Heal claims that malware authors spread these malware applications on the Google Play Store in scanner applications, wallpaper app, message applications. These types of applications can quickly become a target. 

Google has banned all nine apps from the store not to be allowed to submit new apps. However, according to the report, this is a minor hurdle for defaulters as these developers can come with a new name and new account by just paying a one-time fee of $25.

Hence this is not enough from Google’s side to remove the apps, but according to experts, Google may need to screen this malware itself to keep the attackers out.

Doctor Web also found an photo editing app called EditorPhotoPip, which has already been removed from the official Android app store but still available on software aggregator websites. 

What will you check before installing any app on your phone?

According to experts, android device users should install applications only from known and trusted developers and pay attention to other user reviews. But a review always does not give a complete guarantee about the security of apps as a rating is provided by other everyday users and not by experts.

One should also pay attention to when and which apps ask you to login into your account. If you are not sure that the software that you are installing is asking for login credentials to be safe or not, better do not proceed with it and uninstall it.

Also, avoid giving access to your location, camera and notification to the apps, which can steal all the data without your consent. Users should also install well known and trusted antivirus apps which can save them from such potential hacker.

Anirudha Yerunkar
Anirudha Yerunkar
Postgraduate in Multimedia from IIJNM, Bangalore. Covered stories on health, business, migrant workers and the impact of Covid19 on various sections of society. Interested in reading and writing. I like to follow and research politics and current news. Interested to find what will happen with the human race and where will it go after the Pandemic. Keen to learn and understand anthropology. Also, like to listen to all genre of music but especially like classical and folk music. Writing articles and poetry is my passion. Following national and international literature and various scientific groups is my hobby. Travelled across India and ready to explore more.



More like this

Following the court order, the CRPF took possession of the Gyanvapi Mosque premises in Varanasi

The CRPF was deployed at the Gyanvapi Mosque premises...

SC commutes the death penalty for rape convicts

The Supreme Court remitted the death penalty of a man accused of raping and murdering a juvenile to life in prison, considering the possibility and likelihood of the defendant's reformation and rehabilitation. The obvious and indisputable fact that the appellant had no criminal histories and comes from a poor socioeconomic background, as well as his pristine conduct inside the jail, cannot go ignored," the Supreme Court concluded. Ins conclusion, Supreme Court said that the...

International Museum day celebrating young educators

International Museum Day, a five day long programme of...

Met Gala and its implications

By: Akshinta Das Introduction The Met Gala is fashion's big night out --...