lswcap
Security company Dr.Web has released 10 malicious apps that steal Facebook login information. Nine out of 10 are available on Google Play and have been downloaded 5.8 million times.
All the features of the application identified this time are that the function itself can be used without any inconvenience. Apps that steal Facebook user information will require you to log in with your Facebook account to disable in-app ads. Press the button (LOGIN WITH FACEBOOK) to switch to the Facebook login form. Although this login form itself is genuine, it is said that the user name and password entered in this login form are transmitted to the attacker server by malicious code.
The number of downloads of these 9 types was 5.56,010, of which PIP Photo was downloaded more than 5 million times, causing great damage. Five types of malicious code included in this app have been identified, of which 3 are Android native apps and 2 are written with the Flutter framework, but have the same file format settings for code stealing user data and the same Java Because the script code is used, Dr.Web has five types (Android.PWS.Facebook.13, Android.PWS.Facebook.14, Android.PWS.Facebook.15, Android.PWS.Facebook.17, Android.PWS. Facebook.18) as the same malware variant. Among them, Android.PWS.Facebook.15 includes an additional function that generates a part of the log file in Chinese, so Doctor Web points out that it is likely made in China.
Meanwhile, nine of these apps have been deleted from Google Play. Related information can be found here.
Add comment