The Google Play Store is generally the safest place to obtain apps for your Android smartphone, but every once in a while, some bad actors find their way in. Recently, Google removed a handful of Android apps from the Play Store that tried to steal Facebook passwords.
Dr. Web recently highlighted a “trojan” embedded within some Android apps that could trick users into giving up their Facebook password. Ten apps were observed using the software, most of which were actually available in the Google Play Store and had racked up a considerable number of downloads. The nine apps combined were downloaded over 6 million times.
The software worked by faking the Facebook login screen, making users think that the otherwise harmless app they were using required a Facebook account to function. Once users entered their password on the screen, the data was stolen, giving the bad actor access to the unwitting user’s account.
The apps in question included photo editing apps, “App Lock,” a fitness app, and horoscope applications. Some of the apps apparently used Google’s Flutter language. “PIP Photo” was the app that managed the most success, pulling 5.8 million downloads. The rest of the apps were listed at “more than 100,000” downloads or fewer.
Ars Technica found that all nine apps have been removed from the Play Store, with a Google spokesperson confirming that the bad actor’s developer accounts have also been banned. Google has also been taking steps to further secure the Play Store recently by adding security requirements for Google Play developers.