Google has removed nine Android apps from its Play Store after researchers found that the apps were stealing Facebook login credentials. These include the PIP Photo app, which has been downloaded 5.8 million times.
Security firm Dr Web found ten rogue apps amassing Facebook logins. Nine of them were in the Play Store. The apps offered different functionality, such as photo editing, Android cleaning and horoscopes.
All of the apps offered an option to turn off the ads by logging into Facebook. That option did indeed show a Facebook login screen in a WebView. At the same time, a script was loaded via a command-and-control server to hijack the entered credentials and pass them on to the server. After the user logged into the social network, the malware also stole the authentication cookie.
Dr Web describes the malicious code as a trojan and calls it Android.PWS.Facebook.15. There are several variants of this malware in circulation. The removed apps are PIP Photo, Processing Photo, Rubbish Cleaner, Inwell Fitness, Horoscope Daily, App Lock Keep, Lockit Master, Horoscope Pi and App Lock Manager. PIP Photo was the most popular app, with 5.8 million downloads, and Processing Photo was also popular, with half a million downloads, but App Lock Manager, for example, had only 10 downloads, according to the Play Store.