The story of the security of the Google Play Store app market was once again mentioned, when up to 9 Android apps with millions of downloads were found to secretly steal users' Facebook passwords.

Recently, security researchers have recently discovered 9 Android applications containing malicious code that are "aiding" hackers to steal users' Facebook passwords.

According to a company specializing in Russian IT security solutions named Dr. Web, Android applications were found to be disguised as legitimate applications. Some camouflage applications provide basic photo editing features, customize the screen.

But few expected, these applications were created to steal users' Facebook passwords. One of the common password-stealing tactics of these applications is to lure users into logging into their Facebook accounts to "remove ads". So it is the user who accidentally gives away their Facebook account and password to the bad guys without even knowing it.

Of course, Google was notified of this and the apps have now been removed from the Google Play Store. In addition, the company has banned the developers of the above 9 applications from submitting new applications. That's the right thing for Google to do. However, it is only a small hurdle as developers only need to register a new developer account with a different name for a fee of 25 USD.

Describing the scams of these apps, Dr.Web explains:

"These trojans use a special mechanism to trick the victim. After receiving the necessary settings from one of the C&C servers, the bad guy will download the legitimate Facebook website with the address https://www. .facebook.com/login.php to the WebView Next, they load the JavaScript received from the C&C server into the same WebView, which is used directly to hijack the user's login information.

The JavaScript then uses special methods to pass the stolen logins and passwords to the trojan apps, which in turn pass the data to the attacker's C&C server. After the victim logged into their account, the trojan also stole cookies from the current authorized session. And then that cookie will also be sent to cybercriminals."

Below is a list of 9 malicious apps that can steal your Facebook password. So if you've ever downloaded any of the 9 apps below, change your Facebook password immediately.

- PIP Photo: more than 5.8 million downloads

- Processing Photo: more than 500,000 downloads

- Rubbish Cleaner: more than 100,000 downloads

- Inwell Fitness: more than 100,000 downloads

- Horoscope Daily: more than 100,000 downloads

- App Lock Keep: more than 50,000 downloads

- Lockit Master: more than 5,000 downloads

- Horoscope Pi: 1,000 downloads

- App Lock Manager: 10 downloads

Company Name: I.CO KURU Vietnam Company Limited
Tax Code / Registration Certificate / QDTL: 0702431597
Email: info@noithathoanghavn.com | Phone: 07862567777
ALWAYS PROVIDE YOU SERVICES WITH Reasonable Costs, International Quality, Professional Services, Aftermath
Address: 99 Nguyen Dinh Chieu, Ward 6, District 3, City. Ho Chi Minh City, Vietnam
Copyright © 2001 - SDC. All rights reserved