Photo: sitthiphong (Shutterstock)
Researchers at Dr. Web found nine apps with more than 5.8 million combined downloads that were secretly stealing users’ Facebook passwords through the real Facebook login page. Google has since banned the developer and removed all nine apps from the Play Store. However, if you have ever installed one of them, it’s time to change your passwords.
How did the apps steal the data?
According to the researchers at Dr. Web, the developer, chikumburahamilton, had published fully functional apps for photo editing, fitness training, horoscopes and junk-file cleaning (among others). After a period of time, these apps prompted users to log in via Facebook in order to unlock the app’s full functionality.
When users did so, the app contacted its C&C server (a command-and-control server operated by the developer that tells the app what to inject into a web page and where to send the data it copies). After receiving its settings from the C&C server, the app opened the legitimate Facebook login page inside its own embedded browser view.
The app then injected the JavaScript received from the C&C server into the Facebook login page. Because the app controls the embedded browser, it can insert arbitrary script into any page it loads and read whatever the user types into the page’s fields. This JavaScript was used to copy the username and password.
The JavaScript then passed the copied credentials to the app, which forwarded them to the C&C server, where they were stored. Once the user had logged in, the app also stole the cookies of the now-authenticated session and sent those to the criminals as well.
In this case, the apps only targeted the real Facebook login page. However, because of the way the injected JavaScript and the C&C server work, the same trick could just as easily have been used against any service that requires you to log in.
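The chain described above (JavaScript enabled in an in-app browser, a script injected into a third-party login page, and a bridge or cookie read that carries the harvested data back into the app) is something an analyst can triage for in decompiled Android code. The following is an added example, not code from the article or from Dr. Web; it assumes the input is decompiled Java-like source text keyed by file name, the regexes and the short list of login domains are the example's own heuristics, and both samples are constructed.

```python
"""Heuristic triage for the WebView credential-harvesting pattern described above."""
import re

# Each indicator is one ingredient of the technique. The Android API names are
# real; treating their combination as suspicious is this example's assumption.
INDICATORS = {
    "js_enabled":  re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
    "js_injected": re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:'),
    "js_bridge":   re.compile(r"addJavascriptInterface\("),
    "cookie_read": re.compile(r"CookieManager\.getInstance\(\)\.getCookie\("),
    # Generalised beyond Facebook, as the article notes any login page could be hit.
    "login_url":   re.compile(r"https?://[\w.\-]*(facebook|google|twitter)\.com/[^\"']*login", re.I),
}

def scan_source(sources):
    """Return {indicator: [(file, line_no), ...]} over all files in `sources`."""
    hits = {name: [] for name in INDICATORS}
    for fname, text in sources.items():
        for n, line in enumerate(text.splitlines(), 1):
            for name, rx in INDICATORS.items():
                if rx.search(line):
                    hits[name].append((fname, n))
    return hits

def verdict(hits):
    """'suspicious' only when the whole chain is present: JS on, a script injected,
    a way to read data back, and a third-party login page as the target.
    A WebView that merely enables JavaScript for its own pages stays 'benign'."""
    chain = (hits["js_enabled"] and hits["js_injected"] and hits["login_url"]
             and (hits["js_bridge"] or hits["cookie_read"]))
    return "suspicious" if chain else "benign"

# Constructed samples (not the real apps' code).
BENIGN = {"HelpActivity.java": """
    web.getSettings().setJavaScriptEnabled(true);
    web.loadUrl("https://example.com/help");
"""}
SUSPECT = {"LoginActivity.java": """
    web.getSettings().setJavaScriptEnabled(true);
    web.addJavascriptInterface(new Bridge(), "android");
    web.loadUrl("https://m.facebook.com/login");
    web.evaluateJavascript(jsFromC2, null);   // script body fetched at runtime
""", "Bridge.java": """
    String c = CookieManager.getInstance().getCookie("https://m.facebook.com");
"""}

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, "->", verdict(scan_source(src)))
```

A hit on the full chain is a lead for manual review, not proof of malice; legitimate SDKs also use these APIs, so the point is to prioritise which apps get a closer look.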
What can you do about it?
The first thing to check is whether you have any of these nine apps installed:
- PIP photo
- Process photo
- Garbage cleaner
- Inwell Fitness
- Daily horoscope
- Keep app lock
- Lockit master
- Horoscope more
- App lock manager
If you have any of these apps installed, the first step is to uninstall them.
Then, if you ever logged into Facebook through one of these apps, reset your password immediately.
Next, stay vigilant. Use a trusted antivirus application such as Malwarebytes to detect apps that contain malicious code. Whenever possible, avoid connecting third-party services like Facebook to random apps downloaded from the Play Store. Because of the way the Play Store works, it is trivially easy for developers to re-register and resubmit apps after they have been removed (a developer licence costs only $25).
Finally, turn on two-factor authentication on every site that offers it and pair it with a password manager, which helps you generate and store long, unique passwords securely. Even if a website leak exposes your password, two-factor authentication keeps attackers out of your account.
[Ars Technica]