Google removes popular Android apps that stole Facebook passwords

Google is still racing to pull Android apps that commit major privacy violations. Ars Technica notes that Google has removed nine apps from the Play Store after Dr. Web analysts discovered they were trojans stealing Facebook login details. These weren't obscure titles — the malware had over 5.8 million combined downloads and posed as easy-to-find titles like "Horoscope Daily" and "Rubbish Cleaner."

The apps tricked users by loading the real Facebook sign-in page, then loading JavaScript from a command-and-control server to "hijack" the credentials and pass them along to the app (and thus the command server). They would also steal cookies from the authorization session. Facebook was the target in each case, but the creators could just as easily have steered users toward other internet services.

There were five malware variants in the mix, but all of them used the same JavaScript code and configuration file formats to swipe information.

Google told Ars it banned all the app developers from the store, although that might not be much of a deterrent when the perpetrators can likely create new developer accounts. Google may need to screen for the malware itself to keep the attackers out.

The question, of course, is how the apps racked up as many downloads as they did before the takedown. Google's largely automated screening keeps a lot of malware out of the Play Store, but the subtlety of the technique might have helped the rogue apps slip past these defenses and leave victims unaware that their Facebook data fell into the wrong hands. Whatever the cause, it's safe to say that you should be cautious about downloading utilities from unknown developers no matter how popular they seem.
