East Africa News Post

Complete News World

Google removes apps that stole Facebook passwords

Google removes apps that stole Facebook passwords

The security and privacy of our sensitive information remains a primary concern while browsing the web.

Ars Technica notices it The Google It removed nine popular apps from the Play Store after analysts discovered that they were Trojans stealing Facebook login details.

According to the information, the malware has more than 5.8 million downloads combined and is disguised as easy-to-find titles like Daily Horoscope or Junk Cleaner.

How did they work?

The apps tricked users to view the actual Facebook login page only to load JavaScript from the command and control server to hijack the credentials and pass them to the app.

They also stole Biscuit authorization session. According to experts, Facebook was the target in each case, but the creators could easily have directed users to other Internet services.

In these applications, there were five variants, but each used the same JavaScript code and the same configuration file formats to steal data.

A major concern for analysts is how these apps manage to add so many downloads, especially since Google’s automatic detection keeps a lot of malware out of the Play Store.

according to Article from EngadgetThe accuracy of this technique may have helped apps to bypass these defense mechanisms and leave victims unaware that their Facebook data has been stolen.

Editor’s Recommendations

See also  All you need to know about WhatsApp Plus Blue