Google removes nine apps from Play Store for stealing Facebook Users data

 The nine applications were found to be stealing unsuspecting users’ Facebook usernames and passwords. The nine applications were found to be stealing unsuspecting users’ Facebook usernames and passwords.

Google recently took down nine applications from the Google Play Store after security researchers at Dr Web (first reported by ArsTechnica) found these malicious apps using a special mechanism to trick users into handing over their Facebook credentials.

The apps reportedly lured users into disabling in-app advertisements by linking their Facebook profile to the app. However, while an actual form popped up where users could enter their Facebook details, malicious JavaScript code would capture the usernames and passwords.

“This script was directly used to highjack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals,” said the researchers at Dr Web.

Apps taken down:

• PIP Photo (5,000,000+ downloads)
• Processing Photo (500,000+ downloads)
• Rubbish Cleaner (100,000+ downloads)
• Inwell Fitness (100,000+ downloads)
• Horoscope Daily (100,000+ downloads)
• App Lock Keep (50,000+ downloads)
• Lockit Master (5,000+ downloads)
• Horoscope Pi (1,000 downloads)
• App Lock manager (10 downloads)

If you had any of the above apps installed, now is a great time to get rid of the application(s) and change your Facebook password. Also make sure that you have two factor authentication enabled on your Facebook account so that nobody can login remotely without you finding out.

------------------------------------------------------------------------------------------