One of the reasons why you would choose to use Google’s Play Store as your app store of choice is because of the various security measures that Google has in place. The company not only reviews apps that are submitted to the store, but there are also systems in place to ensure that they are free of malware.
Unfortunately, sometimes some apps can somehow slip under the radar, such is the case with a bunch of apps discovered by Dr. Web in which these apps had the ability to trick users into giving up their Facebook passwords. These apps also appeared to be very popular where it was estimated that combined, these apps managed to rack up over 6 million downloads. According to Dr. Web:
“After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server.”
Thankfully, Google has since removed all the offending apps from the Play Store. The company has also banned the developer accounts as a result. We’re not sure how many users might have been affected, but if you have downloaded any of these apps and used Facebook to login, then maybe you might want to consider changing your password ASAP.
Source: 9to5Google