![]() Google removing the apps from the Play Store isn’t enough to protect you. It’s unclear how many Facebook users were impacted, but the discovery shows that attackers might employ similar attacks to steal logins from other websites. Web identified all the apps that included malicious code capable of stealing Facebook passwords. These 9 Android apps contain malicious code that can steal Facebook passwords. You should also check your Facebook account for fraudulent activity and do the same with other online accounts that have the same username and password. Then do the same with every other service where you’ve recycled the Facebook credentials. If you have downloaded one of the nine apps below, you should consider changing your Facebook password immediately. That’s why each app and service must have its own password. They could do some serious damage with that information. An attacker with access to your Facebook credentials might try the same combination for your email, internet banking, and online stores. If you use the same username/password combination for Facebook and other online apps, you should consider changing all of them. Those cookies were also sent to cybercriminals. After the victim logged into their account, the trojans also stole cookies from the current authorization session. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. ![]() This script was directly used to hijack the entered login credentials. Next, they loaded JavaScript received from the C&C server into the same WebView. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page into WebView. These trojans used a special mechanism to trick their victims. That’s how the hackers stole the Facebook passwords: Using Facebook to log into apps is part of the internet experience, after all. Unsuspecting users might have signed in without thinking twice. ![]() They told users they could eliminate ads simply by logging into their Facebook accounts. The attackers came up with a clever way to steal Facebook credentials. But that doesn’t do much for users who had already downloaded and installed any of them. Google is aware of the problem, and the apps are no longer available from the Google Play store. But the developers used the apps to steal Facebook passwords. They offered basic photo editing features to mask their malicious purpose. Web ( via ArsTechnica) explains that the apps in question looked like legitimate apps. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |