Recently, Doctor’s Web malware analysts found out that there were ten mobile applications which were stealing data about the users’ Facebook passwords and logins.
We live in an age where information is the ultimate key and the person having the information is a person of great worth. Now because of these changes from the information age, there creates a risk of privacy and stealing of data or information.
Private information when stolen is seen as a crime and as we are getting developed in technology each day, people are becoming more conscious about their privacy. Strict laws and tools have been made by various authorities and organizations to protect the privacy of their citizen and their customer respectively. However still some cases are continuously found where there is a risk to privacy in most cases it is online. As the first paragraph introduces, the 10 apps which were stealing user data, 9 out of those 10 applications were openly available on Google Play Store.
The analysis disclose that these applications (Stealer Trojans) were showed and made available as applications that will not cause any harm and were installed a million times. Yes that’s right. That is a big number. Furthermore as Google has always displayed itself as safe and an entity that always protect user’s privacy, it immediately removed all those nine applications from the Google Play Store after the report regarding these applications was made to the company regarding the stealing of data.
These stealer Trojan Applications deceived the users by a special apparatus. When the required settings are given access to, these applications loaded the official Facebook page:- https://www.facebook.com/login.php into WebView. next, they would load JavaScript received in the same WebView. This JavaScript would then be used to commandeer the entered login information.Once done, the JavaScript with the methods provided by the JavaScriptInterface annotation would send the information to the Trojan Applications and then to the attacker’s server.
After the person whose credentials were stolen would log in their account, the Trojan applications stole cookies and would send it to the cyber criminals. Here is the list of these applications:
- PIP Photo – 50 lac plus downloads
- Processing Photo – 50 lac plus downloads
- Inwell Fitness – 50 lac plus downloads
- Lockit Master – 50 lac plus downloads
- Rubbish cleaner – 10 lac plus downloads
- Horoscope Daily – 10 lac plus downloads
- App Lock Keep – 5k plus downloads
- Horoscope Pi – 1k plus downloads
- App Lock Manager – 10+ downloads
My personal suggestion is to avoid things (ultimately the use of applications) like horoscope or forecasting in this era of science. Where horoscope and astrology doesn’t have a base. Also Android phones nowadays comes with in built photo editors, app locks and cleaners and thus it is better to avoid these kind of third party applications mentioned in the above list as much as you can for protecting your data.