Malware analysts discovered nine Android apps on the Google Play Store with more than 5.8 million downloads that were sneakily stealing users’ Facebook login credentials.
Russian anti-malware software company Dr.Web found trojan apps that stole Facebook passwords by tricking unsuspecting victims into entering their private information in exchange for removing in-app ads. Fortunately, these Android apps are no longer available on the Play Store.
Spotted by Ars Technica, the apps ranged from photo-editing software to fitness programs and horoscope news. One of the malicious apps, known as “PIP Photo,” had 5 million downloads, while others ranged from 10 to 500,000.
To trick users, the trojan apps would provide the full functionality of their services and take away in-app ads if the users logged into their Facebook accounts via the application.
The app would load a legitimate Facebook login page, but the details typed in would go straight to the malicious actors’ command-and-control server. Given the number of downloads, millions of Facebook accounts could have potentially been hacked…