Google Kicks Credential-Stealing Android Apps From the Play Store downloaded more than 5.8 million times

Android apps that stole Facebook credentials from unsuspecting users were downloaded more than 5.8 million times before Google kicked them off the Play Store.

Nine Android apps with a collective 5.8 million downloads were removed from the Google Play Store for stealing Facebook credentials from their users, according to security firm Doctor Web.

The apps in question were basic utilities that offered image-editing capabilities, horoscope information, and performance optimization features. Doctor Web said the software actually functioned as intended, most likely so users would be more willing to trust them with their data.

The apps then prompted users to log in to Facebook using a legitimate sign-in page that relied on JavaScript injection to steal a user's login credentials after they were entered. They also stole cookies from the current session, and all the stolen data was sent to the scammers.

"Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts," Doctor Web said. "However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service."

Ars Technica reports that Google banned the developers of these apps from the Play Store after Doctor Web contacted the company. That might not be enough to stop them from attempting the scheme again, however, because they can sign up for new developer accounts for just $25.

Referenced from: PCMag