These 9 Apps From Play Store Were Stealing Your Facebook Passwords

You might think that any app you download from the Google Play Store, is completely safe and secure, but that’s not true. Many apps on Play Store can

You might think that any app you download from the Google Play Store, is completely safe and secure, but that’s not true. Many apps on Play Store can access your data without having your attention. These apps can access your private data and you won’t even know.

9 google play store apps stealing facebook passwords
Image: Unsplash

You might think that any app you download from the Google Play Store, is completely safe and secure, but that’s not true. Many apps on Play Store can access your data without having your attention. These apps can access your private data and you won’t even know.

According to the latest report by some researchers, some apps with millions of downloads, were caught stealing users' Facebook data and passwords. This report reveals 9 apps names that were stealing your Facebook data and passwords.

Recently, these apps were removed and completely banned from Play Store. A Google representative stated that these apps developers are banned from the store they are not allowed to upload more apps on Play Store. But if you have any of these apps installed on your phone you must delete them now.

The list of apps is given below:

  1. PIP Photo
  2. Processing Photo
  3. Rubbish Cleaner
  4. Horoscope Daily
  5. App Lock Keep
  6. Lockit Master
  7. Horoscope Pi
  8. App Lock Manager
  9. Inwell Fitness

Nothing seems suspicious if you just look at their names. These are some common daily usage apps but they actually steal your data. Some of these apps, like PIP Photo and Horoscope Daily, surprisingly have millions of downloads.

9 apps stealing facebook password
via Dr.Web

How did these apps steal your Facebook data?

All the applications referenced in the report offered genuine highlights, making the clueless clients trust them. They even permitted clients to open more highlights and disable in-application ads by signing into their Facebook accounts. As the user login through Facebook, the Trojan virus in the app is activated. These apps use an exploit to steal the passwords of users.

The researcher defines the exploit as follows:

“There is a Java Script method which passes the stolen login and password to the Trojan applications, which then transfers the data to the hackers’ C&C server. As the user signs in to their account, the Trojan steals cookies from the current authorization session. Those cookies are also sent to hackers.”

The researchers distinguished five malware variations reserved inside the applications. Three of them were local Android applications, and the excess two utilized Google's Flutter Framework, which is intended for cross-platform compatibility.

How to be safe?

There are millions of apps on the Play Store. It’s hard to find out which app will access your data. Only download trustful apps from reputable developers, and check reviews. When you install a new app on your phone, it usually shows a list of things it will need to access. Most users blindly allow permission, which is unsafe. Always check these permissions and make sure they don't ask for things they don't really need. For instance, a calculator app shouldn't usually require access to make phone calls, or listen to your microphone. You may also install a good antivirus app on your phone, which can help you a lot. Hackers will always find different ways to steal your data.

Conclusion

Google Play Store is the most used store in the world used by users. Millions of apps are downloaded daily from Play Store. Although these malicious apps are already banned, Google must provide more security features to the users, and check the apps before allowing them on their store. Still, there are many apps on Play Store which could be stealing users' data.

by Talha Shaikhani