These 9 Android apps may have stolen your Facebook password

Despite the seemingly unstoppable wave of cyberattacks that should teach users how to improve their defenses, not all internet users learn from their mistakes. Some people recycle the same credentials across different apps and services. It can be useful to have the same username, email address, and password on multiple websites. All you have to do is remember these details and then you can log into whatever websites you need. But hackers count on it. Because of this, they want to steal your Facebook password in the hopes that they can hack into more sensitive accounts with those credentials.

Researchers found that nine Android apps combined received more than 5.8 million downloads from the Google Play Store. The apps contained malicious code that allowed hackers to steal Facebook passwords.


A report by Dr. Web (via Ars Technica) explains that the apps in question looked like legitimate apps. They offered basic photo editing features to hide their malicious purpose. But the developers used the apps to steal Facebook passwords.

Google is aware of the problem and the apps are no longer available in the Google Play Store. But that doesn’t do much for users who have already downloaded and installed one of them.

Facebook password hacked; what now?

The attackers came up with a clever way to steal Facebook credentials. They told users that they could eliminate ads simply by logging into their Facebook accounts. Unsuspecting users may have signed up without even thinking. Logging into apps via Facebook is part of the internet experience.

Here’s how the hackers stole Facebook passwords:

These Trojans used a special mechanism to trick their victims. After getting the required settings from one of the C&C servers at startup, they loaded the legitimate Facebook website https://www.facebook.com/login.php in WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was used directly to hijack the credentials entered. Then, using the methods provided by the JavascriptInterface annotation, this JavaScript passed stolen logins and passwords to the Trojan horse applications, which then transferred the data to the attacker’s C&C server. After the victim logged into their account, the Trojans also stole cookies from the current authorization session. These cookies have also been sent to cyber criminals.
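As an added illustration (not code from Dr. Web or from the original article), the following Python check grades decompiled Java source for the combination the report describes: a JavaScript bridge, script injection into the WebView, cookie reads, and a third-party login page. The function name `scan`, the watched-domain list and the sample snippets are constructed for this example; the second sample covers the case where the page URL and script arrive from remote settings at run time, so no login URL appears in the code.

```python
import re

# Android WebView calls that together match the behaviour in the report.
INDICATORS = {
    "js_bridge": re.compile(r"\.addJavascriptInterface\s*\("),
    "script_injection": re.compile(
        r"\.evaluateJavascript\s*\(|\.loadUrl\s*\(\s*\"javascript:"),
    "cookie_read": re.compile(r"\.getCookie\s*\("),
}
STATIC_URL = re.compile(r"\.loadUrl\s*\(\s*\"https?://([^/\"]+)")

def scan(source, watched=("facebook.com",)):
    """Grade decompiled Java source: 'high', 'review' or 'none'."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(source)}
    hosts = {h.lower() for h in STATIC_URL.findall(source)}
    login_hosts = {h for h in hosts
                   if any(h == d or h.endswith("." + d) for d in watched)}
    can_capture = {"js_bridge", "script_injection"} <= hits
    if login_hosts and can_capture:
        level = "high"    # watched login page plus inject-and-report path
    elif can_capture or (login_hosts and hits):
        level = "review"  # partial match, or URL supplied at run time
    else:
        level = "none"
    return {"level": level, "indicators": sorted(hits),
            "login_hosts": sorted(login_hosts)}

# Constructed samples (not taken from the real apps).
SUSPICIOUS = '''
web.getSettings().setJavaScriptEnabled(true);
web.addJavascriptInterface(new Bridge(), "bridge");
web.loadUrl("https://www.facebook.com/login.php");
web.evaluateJavascript(remoteScript, null);
String c = CookieManager.getInstance().getCookie(url);
'''
REMOTE_URL = '''
web.addJavascriptInterface(new Bridge(), "bridge");
web.loadUrl(config.getString("url"));
web.loadUrl("javascript:" + config.getString("js"));
'''
BENIGN = '''
web.getSettings().setJavaScriptEnabled(true);
web.loadUrl("https://example.com/help");
'''

if __name__ == "__main__":
    for name, src in [("suspicious", SUSPICIOUS), ("remote", REMOTE_URL), ("benign", BENIGN)]:
        print(name, scan(src))
```

A "review" result is a prompt for manual inspection, since legitimate hybrid apps also use JavaScript bridges on their own pages.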

If you’re using the same username / password combination for Facebook and other online apps, consider changing them all. An attacker with access to your Facebook credentials could try the same combination for your email, internet banking, and online stores. They could do serious harm with this information. That is why every app and every service must have its own password.

If you’ve downloaded any of the following nine apps, you should immediately consider changing your Facebook password. Then do the same with any other service where you’ve recycled Facebook credentials.

You should also check your Facebook account for fraudulent activity and do the same to other online accounts with the same username and password.

These 9 Android apps contain malicious code that can steal Facebook passwords. Image source: Dr. Web

The malicious Android apps

Dr. Web identified all apps that contained malicious code that could steal Facebook passwords. It is unclear how many Facebook users were affected, but the discovery shows that attackers could carry out similar attacks to steal logins from other websites.

Google’s removal of the apps from the Play Store isn’t enough to keep you safe. You should immediately delete any of the following apps from your devices:

  • PIP Photo: 5.8 million+ downloads
  • Photo processing: more than 500,000 downloads
  • Garbage cleaner: more than 100,000 downloads
  • Inwell Fitness: more than 100,000 downloads
  • Daily horoscope: more than 100,000 downloads
  • App Lock Keep: 50,000+ downloads
  • Lockit Master: more than 5,000 downloads
  • Horoscope Pi: 1,000 downloads
  • App lock manager: 10 downloads

Using an antivirus solution for your Android smartphone or tablet can also help.
