Google Play Store Removes Apps That Stole Facebook Passwords

The most popular scam apps were downloaded over 500,000 times each.
Adam Rowe

Google has yanked nine apps from its Play Store after learning that they were part of a scheme to trick users out of their Facebook passwords.

The Android apps were good enough to fool a lot of users: they had been downloaded over 5.8 million times in total, so a significant number of Facebook account credentials may have leaked. And all the apps actually did what they claimed to do, from offering daily horoscopes to adding virtual picture frames to images.

It's a reminder to us all: Check twice before downloading an app even from a typically trustworthy source like the Google Play Store.

How the Scam Worked

Malware analysts at Dr. Web discovered the trojan apps. They appeared in the Play Store like any other app.

But once installed, the apps told users that they could not access all of the app's features, or stop in-app ad pop-ups, without connecting their Facebook accounts. The Facebook login page they were then shown, however, was a fake that collected the users' login information. Granted, the process was a little more complicated than that:

“These trojans used a special mechanism to trick their victims,” Dr. Web explained. “After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to highjack the entered login credentials.”

The JavaScript then passed along the stolen data to the trojan applications, which transferred it to the attackers’ C&C server, along with the cookies from the Facebook authorization session. Here's what one of the trojan apps looked like in the Store:

[Image: one of the now-removed apps as it appeared in the Play Store]
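The flow described above (a WebView loading the real Facebook page, script fetched from a C&C server injected into that same WebView, a bridge handing the data back to the app, and session cookies read out) is a combination of Android APIs that rarely appears together in a legitimate login flow. As an added example, not part of this article or of Dr. Web's analysis, the following Python heuristic scans decompiled source text for those four behaviours and flags only their combination; the two sample snippets, the `Bridge` class name and the URLs in them are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Each indicator corresponds to one behaviour Dr. Web describes. Alone, any
# of these APIs is common in harmless apps; together they match the trojans.
INDICATORS = {
    "loads_facebook_login": re.compile(r'loadUrl\(\s*"https?://(?:m|www)\.facebook\.com/'),
    "injects_javascript": re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:'),
    "js_bridge": re.compile(r'addJavascriptInterface\('),
    "reads_cookies": re.compile(r'CookieManager\.getInstance\(\)\.getCookie\('),
}


@dataclass
class Finding:
    indicator: str
    line_no: int
    text: str


def scan_source(source: str) -> list[Finding]:
    """Return every line of decompiled source that matches an indicator."""
    findings = []
    for n, line in enumerate(source.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append(Finding(name, n, line.strip()))
    return findings


def is_suspicious(findings: list[Finding]) -> bool:
    """Flag the combination: Facebook page loaded AND script injected into it,
    plus at least one way to get the harvested data out (bridge or cookies).
    A legitimate flow (Facebook SDK, Chrome Custom Tabs) never injects script
    into the provider's page and needs no bridge back from it."""
    names = {f.indicator for f in findings}
    core = {"loads_facebook_login", "injects_javascript"} <= names
    exfil = bool(names & {"js_bridge", "reads_cookies"})
    return core and exfil


# Constructed sample of what a decompiled trojan's login activity might contain.
TROJAN_SAMPLE = """\
webView.getSettings().setJavaScriptEnabled(true);
webView.addJavascriptInterface(new Bridge(), "android");
webView.loadUrl("https://m.facebook.com/login.php");
webView.evaluateJavascript(script, null);  // 'script' arrived from the C&C
String cookies = CookieManager.getInstance().getCookie("https://facebook.com");
"""

# Constructed benign sample: official SDK login plus an ordinary help page.
BENIGN_SAMPLE = """\
LoginManager.getInstance().logInWithReadPermissions(this, Arrays.asList("public_profile"));
webView.loadUrl("https://example.com/help");
"""
```

The rule is a triage aid for a reviewer looking at decompiled code, not a substitute for dynamic analysis: obfuscated or reflection-based calls will not match these literal patterns.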

We've added the full list of the trojan apps below. If any of them are familiar to you, you'll want to change your Facebook password now.

  • PIP Photo
  • Processing Photo
  • Rubbish Cleaner
  • Inwell Fitness
  • Horoscope Daily
  • App Lock Keep
  • Lockit Master
  • Horoscope Pi
  • App Lock manager

The first two on the list, PIP Photo and Processing Photo, were the most popular: each one was downloaded over 500,000 times.

Staying Safe

Google has now removed all nine apps from the store and has banned the publishers behind them as well.

Still, it's a good bet that more trojan apps will pop up in the future. And the facts behind this case — apps that are functional and that offer realistic Facebook login pages — indicate that the scammers are getting more sophisticated in their attempts to trick users out of personal information.

The easiest way to keep your own information secure is to avoid downloading apps that don't come from a publisher you recognize. Pruning out any apps you don't use on a regular basis helps too, by reducing the number of potential weak points on your device.

Finally, a few security applications may help. A secure VPN won't hurt, but the best software for avoiding password-stealing attempts of this kind is a password manager: many top password managers will refuse to fill credentials into a login page whose address doesn't match the saved site, saving you from adding your private details to the next long list of stolen data.


Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for the last decade. He's also a Forbes Contributor on the publishing industry (and Digital Book World 2018 award finalist) and has appeared in publications including Popular Mechanics and IDG Connect. When not glued to TechMeme, he loves obsessing over 1970s sci-fi art.
