9 Android Apps removed from Google Play Store for Stealing Facebook Passwords

Do you keep installing new apps on your smartphone to make life a little easier? Many of today's apps are genuinely useful, but there are also fake or malicious apps that can harm your smartphone and the data on it. The reason for raising this now is a report after which Google removed 9 Android apps from the Play Store and banned their developers for stealing users' Facebook login credentials.

Why Exactly Did Google Remove the Apps from Play Store?

Although Google keeps scanning for such malicious apps, it is still difficult to recognize which apps are safe and which are not. Dr. Web, a Russian antivirus software firm, researched the issue and reported (via Ars Technica) that around 9 apps on the Google Play Store contained malicious code that was used to steal users' Facebook login credentials.

Details of Removed Apps from Google Play Store

According to Dr. Web's malware analysts, these apps were built to look and function like legitimate services for purposes such as photo editing, exercising, clearing up storage space on your device, and even providing a daily horoscope. In reality, they were meant to trick users into sharing their login credentials with the app.

The trojan apps that have now been removed from the Google Play Store are listed below, and each has more than a million installations:

  • Processing Photo
  • PIP photo
  • App Lock Manager
  • Horoscope Pi
  • Inwell Fitness
  • Rubbish Cleaner
  • App Lock Keep
  • Lock It Up
  • Horoscope Daily

How Did They Really Work?

Because their main goal was to get your login credentials, the apps simply asked for them: they offered an option to unlock all app functions and get rid of in-app ads by logging in to a Facebook account.

Now here's the thing we usually don't pay attention to. The apps load a legitimate Facebook login page with fields for a username and password, and as soon as you enter the details, malicious code sends them straight to the hackers' servers, known as command and control servers.

Moreover, the apps contain 5 malware variants, namely Android.PWS.Facebook.13, Android.PWS.Facebook.14, Android.PWS.Facebook.15, Android.PWS.Facebook.17 and Android.PWS.Facebook.18, which use the same JavaScript code and configuration file formats to take your information.

On this point, Dr. Web researchers wrote in a blog post:

These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.
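The WebView behaviour described in the quote above leaves a recognizable combination of Android API calls in an app's code. The triage sketch below is an added example, not code from Dr. Web or from this post; the indicator regexes, the scoring rule and both sample snippets are constructed for illustration.

```python
import re

# Android API calls matching the behaviour in Dr. Web's description.
# The regexes and the scoring rule are assumptions made for this example.
INDICATORS = {
    "facebook_login_in_webview": re.compile(
        r'loadUrl\(\s*"https://www\.facebook\.com/login\.php'),
    "js_enabled": re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
    "js_bridge": re.compile(r"addJavascriptInterface\(|@JavascriptInterface"),
    "script_injection": re.compile(
        r'evaluateJavascript\(|loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r"CookieManager\.getInstance\(\)\.getCookie\("),
}

def scan(source: str) -> set:
    """Return the names of all indicators found in decompiled source text."""
    return {name for name, rx in INDICATORS.items() if rx.search(source)}

def verdict(hits: set) -> str:
    """Rate the combination of hits; single hits are common in benign apps."""
    # A third-party login page plus a JS-to-app bridge means typed
    # credentials can reach the app's own code.
    if {"facebook_login_in_webview", "js_bridge"} <= hits:
        if hits & {"script_injection", "cookie_read"}:
            return "high"
        return "review"
    return "low"

# Constructed sample: outline of the pattern only, no payload.
SUSPICIOUS = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://www.facebook.com/login.php");
w.evaluateJavascript(scriptFromServer, null);
String c = CookieManager.getInstance().getCookie(url);
'''

# Constructed sample: an in-app help page, JavaScript on, nothing else.
BENIGN = '''
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://example.com/help");
'''

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        hits = scan(src)
        print(name, verdict(hits), sorted(hits))
```

A "high" result is a prompt to review manually what the bridge methods do with their arguments, not proof of malice.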

For now, all 9 of these apps have been removed from the Play Store, and a Google spokesperson has told Ars Technica that “The developers behind these apps have also been banned,” meaning that they cannot submit any new apps. We advise you to update your Facebook login information immediately and to check your other online accounts for fraudulent activity.

Is it Safe to Install Apps From Google Play Store?

Well, there are a lot of apps on the Play Store, with many variations. Although apps have to pass certain tests to be eligible for the Google Play Store, these apps probably passed the review process because they did work as advertised. Even so, you cannot trust apps fully.

In the above case, Google was not able to identify the trojan apps itself. They came to light only when Dr. Web discovered and reported them, and that after so long that the delay may already have proven damaging to many users.

So, readers, that was all for this post. Do keep in mind that whenever you install an app, you should not rush to use it and grant every permission it asks for. Calmly and patiently read whatever pops up before allowing it, and act wisely.

