Google Puts Down 9 Apps from Playstore for Stealing Facebook Credentials

As reported by security researchers at Dr.Web, Google has taken down nine applications from the official Google Play Store due to the malicious acts from these apps using specialized operations to get users’ Facebook credentials without their knowing.

What they did was basically as similar as what phishing platforms generally do. By tricking users into a link to input Facebook information for disabling in-app ads, all these applications can get their information pretty easily. They’ve been using specialized JavaScript code to get the users’ login account, along with the passwords.

As stated by those researchers, the script was used directly to trick a user into inputting their Facebook information. The flow was by transporting the credentials back to Trojan applications, then transferred again to the attackers’ server. The Trojan apps get users’ information by the time they login into their accounts. Some parts of the output are also sold in underground markets.

Nine Apps that Removed from Playstore

We have a list here of the removed applications that were put down for good. Surprisingly, one of the apps surpassed a million downloads, which could easily trick the newcomers. All the apps in order are:

• PIP Photo
• Processing Photo
• Inwell Fitness
• Horoscope Daily
• Rubbish Cleaner
• App Lock Keep
• App Lock Manager
• Horoscope Pi
• Lockit Master

The most popular one is PIP Photo, with 5 million downloads. The number is just mind-blowing. As you can see, photo processing apps and lock managers are ironically being the most downloaded here. With the number of downloads, it’s pretty easy for unknowing users to come into the same trap.

Especially with around millions of downloads, it’s tough to resist. But even when they seemed to be genuine, they’re but a line of traps set to overtake our accounts.

Be always careful; though the apps have been deleted from Playstore, they still exist somewhere on third-party platforms. Don’t ever download them again from these sites. It’s also the main reason why you shouldn’t download any app that comes from outside Play Store. Please take a moment to read all the reviews to verify whether they’re bots, paid comments, or genuine users.

By doing this, you can be avoided from using malicious apps that look great and genuine, though it’s a façade. Also, equip yourself with layers of protection by adding VPNs and Password Manager.

Make Use of Password Manager

To add another layer of protection, you can install VPN for daily browsing. While it opens up blocked access to all countries, it also allows secured connections over the internet with a masked IP address. You can also configure a VPN on windows for data protection. By having a VPN service at your disposal, you’ll be granted additional protection when browsing, streaming, and gaming online.

Every website you visit requires you to create a particular account that can only be used on that platform. Generally, the account consists of passwords and usernames, and that’s it. With the possibility of stolen data, creating unique passwords for each platform is actually needed. But let’s be honest, making a set of compiled passwords is a tedious job. Nobody wants that. There’s no way to remember various passwords only in mind.

Passwords manager has arrived at the most desperate time. Use all its features correctly to keep yourself secured from the account-breach risks. There’s no need to remember strong, barely recognized passwords anymore. It can store your passwords or even generate a new, unique one.

When you signed up for a password manager, the first thing to do is to set the master password. It’s essential to encrypt all your data and contents of passwords stored in the vault. Make the master password memorable while also demanding to copy or be detected by others. Make it to be unique but also personal so you won’t easily forget. Keep in mind that the master password is likely unrecoverable.

You also need to have two-factor authentication to make your passwords more secured. Whether it’s by SMS or TOTPs, pick the one you are entirely comfortable with. But, the best one you need to consider is the OTP-based keys.

Before actually putting yourself in a particular password manager, make sure that you verify whether it supports multiple platforms or not. Aside from full support to Windows, a better password manager is the one that has support for browsers as well. They’re fully integrated now with a browser extension that can be installed any time.

Full support for mobile devices is the best and should be a vital requirement for any modern password manager since most people would use their mobile devices all the time. No one wants to type something like uDKE*@=@MADSEW on the tiny keyboard. Fortunately, some password managers also support the use of face recognition and fingerprint features to fill the credentials.