Several Android apps, with over 5.8 million cumulative downloads, were found stealing Facebook passwords, the latest study by Doctor Web, a security firm, has revealed. According to a report in Business Insider India, the firm said nine apps that offered photo editing and app-lock features were found stealing passwords from users.

Google Play Store had removed only a few of these apps by the time Doctor Web published its study on 1 July. However, by 5 July, all nine apps were removed by Google.

Of the 5.8 million total downloads, as many as five million were of the PIP Photo App. The other 0.8 million downloads were of the following apps: Rubbish Cleaner, App Lock Keep, Inwell Fitness, App Lock Manager, Lockit Master, Horoscope Daily, Horoscope Pi, and Processing Photo.

Ars Technica reports that Google has banned the developers of these apps, which means they cannot submit any new apps to the Play Store.

It has been recommended that Facebook users who downloaded these apps change their passwords for security purposes.

As per the publication, the apps allowed users to unlock more features and disable in-app advertisements when they logged in with their Facebook credentials.

After receiving the required settings from one of the C&C servers, the app loaded the Facebook login page into a WebView. JavaScript received from the C&C server was then loaded into the same WebView, and that script hijacked the login credentials the user entered. The stolen credentials were then passed to the trojan applications using methods exposed through the JavascriptInterface annotation.
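
A static triage check for the pattern described above, added here as an example and not taken from Doctor Web's report or the article: it scans decompiled app source for a WebView that enables JavaScript, exposes a JavascriptInterface bridge, and injects script into the loaded page. The file names, sample snippets and verdict labels are constructed for illustration.

```python
import re

# Indicators matched against decompiled Java/Kotlin source (heuristic, not proof).
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\s*\(\s*true\s*\)'),
    "js_bridge": re.compile(r'addJavascriptInterface\s*\(|@JavascriptInterface'),
    "script_injection": re.compile(r'loadUrl\s*\(\s*"javascript:|evaluateJavascript\s*\('),
    "facebook_page": re.compile(r'https?://[\w.-]*facebook\.com', re.I),
}
CORE = {"js_enabled", "js_bridge", "script_injection"}

def triage(files):
    """Map path -> (verdict, indicators) for files combining all CORE indicators."""
    findings = {}
    for path, source in files.items():
        hits = {name for name, rx in INDICATORS.items() if rx.search(source)}
        if CORE <= hits:
            # A hard-coded Facebook URL raises priority; the article says page
            # settings came from a C&C server, so the URL may be absent.
            verdict = "high" if "facebook_page" in hits else "review"
            findings[path] = (verdict, sorted(hits))
    return findings

# Constructed sample input (not taken from the real apps).
SAMPLE = {
    "LoginActivity.java": '''
        web.getSettings().setJavaScriptEnabled(true);
        web.addJavascriptInterface(new Bridge(), "bridge");
        web.loadUrl("https://www.facebook.com/login");
        web.loadUrl("javascript:" + remoteScript);''',
    "UnlockActivity.java": '''
        web.getSettings().setJavaScriptEnabled(true);
        web.addJavascriptInterface(new Bridge(), "bridge");
        web.loadUrl(settings.getString("url"));
        web.evaluateJavascript(settings.getString("script"), null);''',
    "HelpActivity.java": '''
        web.getSettings().setJavaScriptEnabled(true);
        web.loadUrl("https://example.com/help");''',
}

if __name__ == "__main__":
    for path, (verdict, hits) in sorted(triage(SAMPLE).items()):
        print(f"{verdict:6} {path}: {', '.join(hits)}")
```

Legitimate hybrid apps also use these APIs, so a hit is a prompt for manual review of what the bridge methods receive and where they send it, not a verdict.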
