The Trojan app was discovered by Dr.Web, a digital security platform, when its researchers shared the same detailed report. According to the report, the Trojan used a special mechanism to obtain the user’s Facebook credentials, including the password. It then sent the retrieved data to the attacker’s server. The report also suggests that the app stole a cookie from the current approval session and sent it to the perpetrator.
App that stole Facebook password
Researchers have identified five malware variants integrated into these apps. Three of these were native Android apps and the other two used Google’s Flutterwork framework, which was developed for cross-platform compatibility.
Come to the app in question, More or less all of them had over 100,000 downloads.. Most of the downloads were for an app named “PIP Photo” that boasts 5.8 million downloads on the Play Store. The second Trojan horse app downloaded was “Processing Photo”, which has been downloaded more than 500,000 times.
Other compromised apps Garbage cleaner (Over 100,000 downloads), Daily horoscope (Over 100,000 downloads), Inwell Fitness (Over 100,000 downloads), App lock keep (Over 50,000 downloads), Lockit master (Over 50,000 downloads), Horoscope pie (Over 1,000 downloads), and App lock manager (Downloaded 10 times or more).
After Dr. Web published the report and labeled these apps as Trojan horses, Google immediately removed all apps from the Play Store.In addition, a spokesperson for the company reported to Ars Technica All developers of these apps are prohibited from publishing the app on the Play Store.
If you downloaded any of these apps to your device, we recommend that you remove them immediately and change your Facebook password immediately. Then you can go to “Did I pwn?” A website to check if your Facebook credentials have been compromised.