Google is still racing to take out Android apps that commit serious privacy violations. Ars Technica notes that Google has deleted nine apps from the Playstore after Dr. Web analysts found out that they were Trojan horses stealing Facebook connection details. These are not obscure titles – the malware had more than 5.8 million downloads combined and posed as easy to come by titles like “Daily Horoscope” and “Trash Cleaner.”
The apps tricked users by loading the real Facebook sign-in page, only to load JavaScript from a command and control server to “hijack” credentials and pass them along to the app (and thus the command server). They are also suspected of stealing cookies from the authorization session. Facebook was the target in every case, but the creators could have easily directed users to other Internet services.
READ ALSO: Musk Said Tesla Will Accept Bitcoin Again as Crypto Miners Utilize The More Clean Power.
There were five versions of malware in the mix, but all used the same JavaScript code and configuration file formats to sweep the information.
Google told Ars it banned all app developers from the store, though that might not be much of a deterrent when authors can probably create new developer accounts. Google may require the screen for the malware itself to keep the attackers.
The issue, of course, is how the applications accumulated so many downloads as they did prior to removal. Google’s largely automated screening keeps a lot of malware out of the Play Store, but the subtlety of the technique might have helped the rogue apps slip past these defences and leave victims unaware that their Facebook data fell into the wrong hands. Whatever the cause, it’s safe to say that you need to be careful about downloading utilities from unfamiliar developers, no matter how popular they appear.