Uninstall These Malicious Android Apps That Stole Facebook Passwords


techno.rentetan.com – The apps appeared fully functional but stole millions of passwords. Dr. Web researchers found nine apps, with a combined total of over 5.8 million downloads, that used a genuine Facebook login page to sneakily steal user passwords. As of writing, Google has banned the developer and removed these nine apps from the Play Store. But if you downloaded one of them, it's time to change your passwords.

How did the apps steal data?

According to researchers at Dr. Web, the developer, Chikumburahamilton, reportedly produced fully functional apps for photo editing, exercise, horoscopes and junk cleaning (among others). At some point, these apps invited users to log in with Facebook to unlock the app's full functionality.

If you did, the app would connect to its own C&C server (a Command-and-Control server controlled by the developer, used to copy and store data from a webpage). After receiving its settings from the C&C server, the app loaded the Facebook login page.


JavaScript then passed the copied data to the app, which forwarded it to the app's C&C server. Once the user had logged in, the app also stole cookies from the current authorized session and sent them to the cybercriminals.

In this instance, the apps only used Facebook's genuine login page. However, because of the way JavaScript and C&C servers work, they could just as easily have done the same with any service you need to log in to.
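For analysts who want to triage a decompiled app for this behaviour, here is a short added example (not from the article or from Dr. Web). It assumes the login page is shown in an Android WebView, which the article does not state, and ranks a source file by whether it combines script injection into a page, a JavaScript-to-app bridge and cookie reads; the function names and both sample snippets are constructed for illustration.

```python
import re

# Android WebView API calls that, combined, match the behaviour described above.
INDICATORS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\s*\(\s*true\s*\)"),
    "js_bridge": re.compile(r"addJavascriptInterface\s*\("),
    "script_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "cookie_read": re.compile(r"CookieManager\b.*\.getCookie\s*\("),
}
# Script pushed into a page that can hand page data back to the app.
CORE = {"js_enabled", "js_bridge", "script_injection"}


def scan(source: str) -> set[str]:
    """Return the names of all indicators present in decompiled source text."""
    return {name for name, rx in INDICATORS.items() if rx.search(source)}


def verdict(hits: set[str]) -> str:
    """Rank a file for manual review; a ranking, not proof of malice."""
    if CORE <= hits and "cookie_read" in hits:
        return "high"    # page data and session cookies both reachable
    if CORE <= hits:
        return "medium"  # also common in legitimate hybrid apps
    return "low"


# Constructed samples (not taken from the apps named in the article).
SUSPICIOUS = '''
WebView w = new WebView(ctx);
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl(remoteSettings.getString("url"));
w.evaluateJavascript(remoteSettings.getString("script"), null);
String session = CookieManager.getInstance().getCookie(currentUrl);
'''
BENIGN = '''
WebView help = new WebView(ctx);
help.getSettings().setJavaScriptEnabled(true);
help.loadUrl("https://example.com/help");
'''

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        hits = scan(src)
        print(label, verdict(hits), sorted(hits))
```

A "high" result only means the file deserves a closer look, since legitimate apps that embed web content can use the same calls.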

What can you do?

The first thing to do is check whether you are running one of these nine apps:

  1. PIP Photo
  2. Processing Photo
  3. Rubbish Cleaner
  4. Inwell Fitness
  5. Horoscope Daily
  6. App Lock Keep
  7. Lockit Master
  8. Horoscope Pi
  9. App lock Manager

If you have one of these apps installed, the first step is to uninstall it.

Then, if you used Facebook login with the app, reset your password immediately.

Next, stay alert. Use a trusted antivirus app such as Malwarebytes to detect apps containing malicious code. If possible, avoid connecting random apps downloaded from the Play Store to third-party services such as Facebook. Because of the way the Play Store works, it is trivial for developers to reintroduce and resubmit apps even after they are taken down (a developer license costs only $25).

Finally, enable two-factor authentication on every website that supports it, and pair it with a password manager, which helps you securely generate and store long passwords. Even if a website leak reveals your password, two-factor authentication will protect you against hackers.