The developers of 9 apps featured on the Google Play Store had their products and accounts banned after researchers find malicious software.
Google has banned nine Android apps from the Google Play Store after researchers discovered the apps had stolen users’ Facebook login information. Previously, Google announced plans to enact a more thorough verification process for developers on the Play Store in August. Currently, developers can set up a Google Play account by simply providing an email, phone number and paying a one-time $25 setup fee.
The Google Play Store is famous for being a bit laissez-faire with what is allowed on the marketplace when compared to the iOS App Store. The general freedom to customize the user experience is also something Android users have valued about the OS since its launch. But moderation isn’t anything new, and Google has also intervened in less disastrous cases like Robinhood’s.
In a report published by Dr. Web, the investigated apps provided services like photo editing, exercise programs, cleaning out app data caches, and allowing users to password protect individual apps. Every app was fully functional. An investigation by the firm’s malware analysts found the apps used trojan programs to steal login information after loading a legitimate Facebook page to let users link the app to their Facebook account and receive in-app benefits as a result. usually to disable ads. Combined, the nine apps available on Google Play were downloaded about 5.8 million times. The apps are PIP Photo, Processing Photo, Rubbish Cleaner, Inwell Fitness, Horoscope Daily, App Lock Keep, Lockit Master, Horoscope Pi, and App Lock Manager.
How Did They Work?
The internet is rife with an endless amount of scamming attempts, but this is still a staggering discovery. Each of the nine apps used similar file formats and JavaScript scripts in the deployed trojan malware. The apps pulled up the Facebook login page through an in-app instance of Webview and then loaded scripts from connected command and control servers. According to Dr. Web, Once the scripts had been uploaded “JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server.”
Perhaps the most concerning part of the Dr. Web report is that the trojans’ settings could have been easily altered to load web pages of other services like Instagram or Twitter, so the apps could have stolen login information to other services aside from Facebook. Until store policies can keep bad actors like these developers off of their stores, which can never be guaranteed, users should research the developers of apps they’re downloading by combing through user reviews for red flags, performing additional checks, or installing anti-virus programs. Of course, Google could make this easier for everyone by implementing any kind of basic background verification on the Google Play Store immediately, which it says it is planning to do. While the developers of the reported apps have been banned, there are no countermeasures keeping them from simply making a new account and uploading more apps.
RELATED
Source: 24baze
Folow us on https://www.pinterest.com/pin/352125264623732585/
