Since it is the official Android store, it might seem clear that everything downloaded from the Play Store should be safe, since it is run by Google no less. But the truth is that this is not the case, and apps full of malware, ransomware, and so on creep in every day. Take these 9 applications that hide malicious code and that were discovered by researchers at Doctor Web: nine apps that have been downloaded a total of almost 6 million times.
9 Android apps that you should delete
As reported by the cybersecurity company Dr. Web, the ‘fake’ applications hid a malicious file within functional software of different types. Among the applications are password managers, image editors and horoscope apps. The applications were fully functional, which was supposedly meant to “weaken the vigilance of potential victims”.
To access premium functions of the applications and, supposedly, to disable in-app ads, users were asked to log into their Facebook accounts. Ads were indeed present within some of the apps, and this maneuver was intended to further encourage Android device owners to take the required actions.
Using Facebook as bait
And what if you did? You were shown a totally ‘authentic’ Facebook login screen. These Trojans used a special mechanism to deceive their victims: after receiving the necessary configuration from one of the C&C servers at launch, they loaded the legitimate Facebook web page ‘https://www.facebook.com/login.php’ in a WebView. They would then load JavaScript received from the C&C server into the same WebView.
Image: The 9 apps with malicious content
This script was used directly to “hijack entered access credentials.” Using the methods provided via the JavascriptInterface annotation, the JavaScript then passed the stolen username and password to the Trojan applications, which transferred the data to the attackers’ C&C server. After the victim logged into their account, the Trojans also stole cookies from the current authorization session. Those cookies were also sent to the cybercriminals.
Analysis of the malicious programs by Dr. Web showed that all of them received settings to steal logins and passwords for Facebook accounts. However, the attackers could easily have changed the Trojans’ settings and ordered them to load the web page of another legitimate service.
They could even have used a completely fake login form located on a phishing site. Thus, the Trojans could have been used to steal logins and passwords of any service.
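For reviewers vetting an app, the chain described above (a third-party login page in a WebView, a JavascriptInterface bridge, injected script, cookie reads) can be turned into a static triage heuristic over decompiled Java source. This is an added example, not code from Dr. Web or from the original article; the function name, indicator labels, sample snippets and the example.org domain are assumptions of this example.

```python
import re

# Indicator labels are this example's own; the APIs are standard Android WebView calls.
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'addJavascriptInterface\(|@JavascriptInterface'),
    "script_injection": re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r'CookieManager[\w.()\s]*\.getCookie\('),
}
LOAD_URL = re.compile(r'loadUrl\(\s*"https?://([^/"\s]+)([^"]*)"')
LOGIN_HINT = re.compile(r'login|signin|auth', re.I)


def triage(source, own_domains):
    """Return (suspicious, hits) for one app's decompiled Java source."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(source)}
    for host, path in LOAD_URL.findall(source):
        host = host.lower()
        own = any(host == d or host.endswith("." + d) for d in own_domains)
        if not own and LOGIN_HINT.search(path):
            hits.add("third_party_login:" + host)
    loads_login = any(h.startswith("third_party_login:") for h in hits)
    # A bridge alone is common; it matters next to a foreign login page
    # plus script injection or cookie access, the chain described above.
    harvest = "js_bridge" in hits and bool({"script_injection", "cookie_read"} & hits)
    return loads_login and harvest, sorted(hits)


# Constructed samples (not taken from the real apps); example.org is a placeholder.
SUSPICIOUS = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://www.facebook.com/login.php");
w.evaluateJavascript(scriptFromServer, null);
String c = CookieManager.getInstance().getCookie(url);
'''
BENIGN = '''
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://help.example.org/faq");
'''

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, triage(src, ["example.org"]))
```

Because these Trojans received their configuration from the C&C server at launch, the target URL may not appear as a string literal in the code; a bridge combined with script injection and cookie reads is worth manual review even when no login URL is matched.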
The 9 apps to delete if you have them are:
- Processing Photo, downloaded 500,000 times
- App Lock Keep, downloaded 50,000 times
- Rubbish Cleaner, downloaded 100,000 times
- Horoscope Daily, downloaded 100,000 times
- Horoscope Pi, downloaded 1,000 times
- App Lock Manager, downloaded 10,000 times
- Lockit Master, downloaded 5,000 times
- Inwell Fitness, downloaded 100,000 times
- PIP Photo, downloaded 5 million times