Popular doesn’t necessarily mean safe. That’s the lesson from a new report that has led Google to remove nine apps from the Google Play Store. The nine apps recently surfaced in a report by security firm Dr. Web; they provided fully functional services while stealing users’ Facebook login information.
The apps in question carried different malware variants in their code. Their developers gave users an incentive to surrender their information by offering a “free upgrade to Pro” when a user opted to log in with their Facebook account. Once the unsuspecting user did this, the app would intercept and hijack the login credentials. The apps, identified as trojans, used an intermediary server to spoof and collect Facebook information and cookies.
A total of five malware variants were found in these apps. All of them were classified under the same trojan by Dr. Web. Three of these variants were apparently developed natively for Android, while the other two were built using Google’s Flutter framework. The latter type poses an increased risk to users, as the framework allows apps to be developed across multiple platforms. All of these malware variants shared identical configuration file formats and identical JavaScript code to steal data.
According to the report from Dr. Web, the apps in question are:
If you have downloaded any of these apps in the past or still have them on your phone, you should thoroughly check your phone for malware. Apps such as Kaspersky and Malwarebytes are good options to help remove any malware from your device. It goes without saying that you should uninstall these apps immediately.
Google has since removed the apps from the Play Store. Ars Technica states that a Google spokesperson noted that the offending app developers have been removed and banned from the Play Store.