Google continues to rush to remove Android applications that violate user privacy. According to Ars Technica, Google has taken nine applications from the Play Store after Dr. Web researchers determined that they were trojans that stole Facebook login credentials. The virus had a total of 5.8 million downloads and posed as popular programmes like “Horoscope Daily” and “Rubbish Cleaner,” according to the researchers.
Users were duped by the applications, which pretended to visit the official Facebook sign-in page before loading JavaScript from a command-and-control server to “hijack” credentials and send them to the app (and thus the command server). Cookies from the authorization session would also be stolen.
Although Facebook was the intended goal in each case, the designers could have easily directed people to other online platforms. There were five different virus types, but they all swiped data using the same JavaScript code and configuration file formats.
According to Ars, Google has removed all of the app developers from the store, however this may not be enough of a deterrent because the offenders may easily create new developer accounts. To keep the attackers out, Google may need to check for malware itself.
Of course, the question is how the programmes managed to get so many downloads before being taken down. Although Google’s mainly automated filtering keeps a lot of malware out of the Play Store, the technique’s subtlety may have allowed the rogue applications sneak past these protections, leaving users unaware that their Facebook data had been compromised.
Whatever the reason, it’s safe to assume that downloading utilities from unknown developers, no matter how popular they appear, should be avoided.