A whole bunch of apps have been removed from the Google Play Store because… well, they were stealing user’s Facebook passwords. The nine apps, the most downloaded of which saw more than 5 million people at risk, used quite an unusual tactic to secure those passwords — they asked for them.
Before you go thinking that this is the users’ fault, it’s not. The apps in question offers users the chance to disable ads if they logged in with their Facebook accounts. The login page for Facebook was genuine, but then…
Playing with the Play Store
They went on to explain that this method could have been used to steal login and password info from any service, correctly deployed. There were five different malware versions found across the nine Google Play Store apps, all of which have since been removed. All of the developers responsible for these apps have also been banned outright, but that doesn’t mean they won’t be back under new names and with new details and apps at their command.
The most-downloaded app was PIP Photo, with more than 5 million downloads. Processing Photo had more than 500,000 downloads, Horoscope Daily, Inkwell Fitness and Rubbish Cleaner each had more than 100,000 downloads apiece, while App Lock Keep had more than 50,000 downloads. Here it drops off, with App Lock Manager, Horoscope Pi and Lockit Master accounting for less than 10,000 downloads altogether. App Lock Manager was a relatively early entry — it was downloaded from the Play Store fewer than ten times.