
Google Play Store, home to new top free apps laden with malware that might steal your Facebook credentials

Image courtesy: 2-spyware

This Wednesday, Maxime Ingrao, a French cybersecurity expert in mobile fraud at Evina, discovered malware in some of the top new free apps on the Play Store that steals Facebook credentials and some other data. He went public with his findings and posted a detailed account of them on Twitter.

Tweet by Maxime Ingrao

The researcher stumbled upon the malware when he installed one of the apps and became suspicious because the app compelled users to connect to Facebook in order to use the application's content. He then took a look at the app's code, and that's when he discovered that it executed commands to retrieve those credentials.

He found two applications that share the same code and believes that they belong to a new malware family. Both applications are in the same category: photography apps.

“The requests are executed with an Asia/Singapore timestamp so there is a very high chance that the attack originated there”, Ingrao said.

Popularity of apps 

The infected apps include “Pix Photo Motion Edit 2021”, which exceeds 500k downloads, and “Magic Photo Lab – Photo Editor”, an app with 50k+ installs that has been removed from the Play Store.

According to Maxime, the Play Store rankings of “Pix Photo Motion Edit 2021” in different countries show that it is in the top positions of the new-applications ranking in many countries, and even first in Mexico. This has allowed it to reach 500k downloads in two weeks.

Working of malware 

The malware launches a WebView and runs JavaScript commands to retrieve the values typed by the user. Then it uses the Graph API to get the account information.

Image courtesy: Maxime Ingrao
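One way a defender could triage decompiled app sources for the combination of behaviours described above. This is an added example, not code from the researcher or the article; the indicator patterns, the verdict labels and the sample files are constructed assumptions.

```python
import re

# Indicator groups for the behaviour the article describes (constructed heuristics).
INDICATORS = {
    # JavaScript pushed into a page hosted in the app's own WebView
    "webview_js_injection": [
        re.compile(r'\.evaluateJavascript\s*\('),
        re.compile(r'\.loadUrl\s*\(\s*"javascript:'),
        re.compile(r'\.addJavascriptInterface\s*\('),
    ],
    # Facebook login page opened inside the app rather than the browser
    "facebook_login_page": [
        re.compile(r'https?://(?:m|www|mbasic)\.facebook\.com/[^"\s]*login', re.I),
    ],
    # Account, page or ad data requested from the Graph API
    "graph_api_access": [re.compile(r'https?://graph\.facebook\.com/', re.I)],
}

def scan_source(text):
    """Return {indicator group: [1-based line numbers]} for one source file."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for group, patterns in INDICATORS.items():
            if any(p.search(line) for p in patterns):
                hits.setdefault(group, []).append(lineno)
    return hits

def triage(files):
    """files maps path -> decompiled source. Returns (verdict, per-file hits)."""
    per_file = {path: scan_source(src) for path, src in files.items()}
    seen = {group for hits in per_file.values() for group in hits}
    if {"webview_js_injection", "facebook_login_page"} <= seen:
        verdict = "high" if "graph_api_access" in seen else "medium"
    else:
        verdict = "low"  # a single indicator alone is common in legitimate apps
    return verdict, {p: h for p, h in per_file.items() if h}

# Constructed sample inputs (not taken from the apps named in the article).
SUSPECT = {
    "LoginActivity.java": '\nwebView.loadUrl("https://m.facebook.com/login.php");\n'
                          'webView.evaluateJavascript(script, callback);\n',
    "Sync.java": '\nString url = "https://graph.facebook.com/" + path;\n',
}
BENIGN = {"HelpActivity.java": '\nwebView.loadUrl("https://example.com/help");\n'
                               'webView.evaluateJavascript("applyTheme()", null);\n'}

if __name__ == "__main__":
    for name, app in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, *triage(app))
```

A "high" verdict is a prompt for manual review of the flagged lines, not proof of malice.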

According to the researcher, the malware retrieves information about the pages you have created on Facebook (the number of fans, the number of people talking about this page, the page rating), about the ad campaigns you have created (the status of the campaigns, the amount spent) and whether you have a registered credit card.

Image courtesy: Maxime Ingrao

“This information is probably used so that fraudsters can publish ads on the user’s pages and charge ad campaigns with the user’s credit card”, he said.

Maxime confirmed that the threat actors cannot steal credit card information but can use it against the victim on their accounts.

Asked about the action he had taken, Maxime told The Digital Hacker that he has notified Google of the malicious apps via its report forms, but that it has not responded yet. One of the apps, though, had been removed from the Play Store before he reported it.

Clearly, cyber attackers are exploiting people's lack of knowledge; people need to be more careful and do a little research before downloading unknown apps.

Nidhi Khandelwal

Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.