Remove Android Apps That Steal Facebook Logins

2 days ago | Jacquelyn Balistreri

Remove Android Apps That Steal Facebook Logins

Once again, the Google Play Store has become a refuge for rogue software. A new collection of Android apps was recently discovered that were taking people's Facebook identities and passwords. The Trojan-infected programmers had been downloaded more than 5 million times, indicating that they were well-known.

If you have any of these on your smartphone, you should remove them as well. Here's everything you need to know. Delete these Android apps that infect your phones with financial malware.

Google removed 25 dangerous apps from the Google Play Store after Evina, a French cybersecurity firm, revealed they contained Facebook-hacking malware. That means it's time to double-check your Android device to ensure you didn't naively (or inadvertently) install a bad app.

There are flashlight tools, pedometers, image editors, and other apps on the list, but they are all essentially the same programmers. They all fulfill their various functions as stated, and they all appear to be different on the surface, but they all contain the same malicious code designed to steal your Facebook login credentials.

Delete these Android apps now

According to Doctor Web experts, the Android apps contained a mix of five malware varieties 

How was this accomplished? It's a rather easy enticement technique. People were enticed to join up for the apps. Facebook accounts are required to remove in-app advertisements and gain access to other app features. This is the level at which consumers would readily provide their information when requested by a Facebook login page.

This is the point at which the harmful procedure began. When people log into their Facebook accounts, the applications obtain unique settings that allow them to steal data and load JavaScript from Command and Control (C&C) servers in order to "hijack" people's entered information. Following that, the stolen data was sent to trojan apps and then to the hackers' command and control servers.

Malware analysts uncovered nine Android apps with over 5.8 million installs on the Google Play Store that were stealthily taking users' Facebook login details.

Dr.Web, a Russian anti-malware software provider, discovered trojan apps that collect Facebook passwords by fooling unsuspecting victims into inputting their personal information in order to escape in-app adverts. Fortunately, these Android devices

The apps, discovered by Ars Technica, varied from photo-editing tools to workout programs and horoscope news. One of the malicious programs, "PIP Photo," had 5 million downloads, while others had 10 to 500,000.

To deceive users, the trojan apps would provide full functionality of their services while removing in-app advertisements provided the users logged into their Facebook account through the app.

The programmers would display a valid Facebook login screen, but any information entered would be routed directly to the malicious actors' command-and-control server. With the volume of downloads, millions of Facebook accounts could have been compromised.

While the Android apps are no longer available on the Play Store, it's still a good idea to check whether they're still on your phone and delete them immediately. According to the allegation, Google has permanently barred the app's developers from creating new apps.

Below is a list of the stealing the Facebook logins apps:

  • PIP Photo
  • Processing Photo
  • Rubbish Cleaner
  • Inwell Fitness
  • Horoscope Daily
  • App Lock Keep
  • Lockit Master

Best App Wiki 26

Dr.Web analysts discovered an extra trojan program that had previously made its way onto the Google Play Store during the examination. EditorPhotoPip, an image editing software app, had already been withdrawn but could still be downloaded via aggregator websites.

The security study goes into greater detail on how the hackers obtained the login credentials for Facebook users. If you have downloaded these apps, you should update your Facebook password as well as any other application that may utilize the same login information.

Unfortunately, Android apps pose a significant cybersecurity risk. Cybersecurity was a hot topic earlier this year. Researchers uncovered 13 Android apps that could have exposed over 100 million smartphone users and developers to harmful attacks owing to the exposure of their private data.

Apps deleted from Google Play should be automatically removed from any devices on which they were installed, but it's worth double-checking, especially if you've sideloaded anything on your device. If you are affected, you should immediately reset your Facebook password and update your security settings (activating two-factor authentication is always a good idea).

Normally, I'd urge people to check their app permissions to ensure there's nothing fishy going on behind the scenes, but these apps were duping users with bogus Facebook login pages rather than doing anything nefarious. Having said that, checking app permissions before installing is critical for data security, but don't let your guard down simply because the permissions appear to be good.

Many malware apps and phishing efforts use bogus login screens to capture your social network account information. The safest technique is to only log in through the official app of a social media platform.

However, if you must log in via a web browser, be sure the page is legitimate first. When you view all tabs, double-check everything—the URL, graphics, layout, content, and even the color of the website. If they don't match, it's a forgery.


You go to open up Lightroom or Lightroom Portable, and abruptly you’re incited to log in to your…
While having a meeting in zoom. Sometimes a situation occurs when the participants are divided into…
Udemy is an online platform popularly used by instructors to deliver their online courses and classes.…
Now we are in the modern world, we approach countless websites with many terms. Many people haven’t…
Login, log-on, and sign-in are the terms used to access any operating system and website by using an…
Phishing is a type of deceit used to acquire sensitive personal information such as login credentials,…