Dr.Web experts have discovered on Google Play several malicious applications with Trojans that steal the logins and passwords of Facebook users. They were installed more than 5,856,010 times, with the vast majority of downloads coming from one – PIP Photo.
A total of 9 applications were found:
- PIP Photo – over 5.8 million downloads;
- Processing Photo – over 500,000 downloads;
- Rubbish Cleaner – over 100,000 downloads;
- Inwell Fitness – over 100,000 downloads;
- Horoscope Daily – over 100,000 downloads;
- App Lock Keep – over 50,000 downloads;
- Lockit Master – over 5,000 downloads;
- Horoscope Pi – over 1,000 downloads;
- App Lock Manager – over 10 downloads.
All these programs performed their functions and really allowed you to edit photos, show the horoscope and optimize Android. To access all the features or remove ads from applications, users were only asked to log in to Facebook.
For this, a standard authorization form was displayed, where the victim had to enter a username and password, which were immediately intercepted by a special script. After the victim entered the social network, the applications stole cookies from the current authorization session and also sent them to the attackers’ servers.
Now, most of these applications have already been removed from Google Play, but they still remain on other sites and users’ smartphones. If you have used any of them, then it is recommended to delete them. Then change your Facebook password.