Search engine giant Google is working to pull Android apps that commit major violations against privacy, and now, reports have said that the company has removed as many as nine apps from the Google Play Store, APA reports citing Newonnews.
These apps were discovered by Dr. Web analysts to be trojans that were stealing the login details to Facebook, and they did not even have obscure titles. They had commonplace and easy-to-find titles like Horoscope Daily and Rubbish Cleaner, and these malicious apps combined had more than 5.8 million downloads.
The apps worked by tricking users, loading the real Facebook sign-in page, only to then load a JavaScript from a command and control server that would hijack the credentials. These credentials were passed along to the app and then to the command server, and the app also stole the cookies from the authorisation session. While the apps had targeted Facebook each time, the creators did have the ability to use this process equally easily for any other internet service. The apps used five variants of the malware, but the JavaScript code and the configuration file formats used for stealing the information were the same for all of them.
The tech giant has said that it has banned the developers of all of these apps from the Play Store, even as it is not likely to pose much of an issue for the creators behind the malware, because they can very easily make a new developer account. In order to keep the attackers out of the Play Store, Google might need to take out the big guns and screen for the malware itself.
Follow us on Telegram
t.me/apanewsaz
Follow us on Instagram
Follow us on Facebook
Follow us on Twitter
