Dodgy Android apps steal passwords

The Australian, 8 July 2021

Anti-virus vendor Dr Web says it has detected 10 dodgy Android apps that steal Facebook users’ logins and passwords. “These stealer trojans were spread as harmless software and were installed more than 5,856,010 times,” it says in a blogpost.

It names the six apps as a photo-editing software called Processing Photo, a Rubbish Cleaner app from the developer SNT.rbcl, a utility that optimises the Android device performance.

“It was downloaded over 100,000 times. Dr.Web detects it as Android.PWS.Facebook.13,” it says.

There were multiple security applications that allow access limitations for using other software installed on Android devices: App Lock Keep from the developer Sheralaw Rence, App Lock Manager from the developer Implummet col, and Lockit Master from the developer Enali mchicolo were three the company named.

There were astrology programs Horoscope Daily from the developer HscopeDaily momo and Horoscope Pi from the developer Talleyr Shauna, a fitness program called Inwell Fitness, and an image editing app called PIP Photo that was spread by the developer Lillians.

“The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps’ functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts.

“The advertisements inside some of the apps were indeed present, and this manoeuvre was intended to further encourage Android device owners to perform the required actions.”

Dr Web says analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts.

“However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site.

“Thus, the trojans could have been used to steal logins and passwords from any service.”

Dr Web says says nine of the ten apps were available through the Google Play store.

It says it informed Google of its findings, and some of these applications have since been removed from the Play Store. However, of they exist on your phone, you might think about uninstalling them.

Facebook accounts meanwhile continue to be taken over by hackers who gain access to passwords, login, impersonate an owner and attempt to extort money. The hackers change the Facebook password so that a legitimate owner loses access to their Facebook account.