A study from the it security company revealed there are several malicious applications in the Google Playstore. There are 9 applications that are landmarks that can do keylogger or record your confidential data.
The app secretly stole login passwords from Facebook. And this is done when you login on the original Facebook login page.
Researchers from Dr. Web an IT Security company from Russia also revealed, if the nine vulnerable applications have been downloaded 5.8 million times.
How to Steal Your Password
Dr Web explained that one of the playstore's malicious applications under the name of developer chikumburahamilton has a photo editing application. Then after you finish using some features in the application, you will be asked to login to some of your social accounts, such as Facebook. When there is already doing that malicious application immediately replaces the C&C server (command and control server that serves as storing and contol data from the web page). The application then loads the Facebook login page, and loads the JavaScript code onto the C&C server.
This JavaScript code is what works to copy your username and password. This JavaScript code will be copied and sent through the C&C plasu server. Once the user logs into the Facebook app, the malicious app records and stores the original session cookies. Malicious applications in the playstore facilitate the workings of facebook and C&c native page servers. Because they are very easy to take advantage of this weakness that requires you to login.
The list of malicious applications includes:
- PIP Photo
- Processing Photo
- Rubbish Cleaner
- Inwell Fitness
- Horoscope Daily
- App Lock Keep
- Lockit Master
- Horoscope Pi
- App lock Manager
Then if you have already used the application above, immediately delete and change the password. The malicious application application has been banned by the Google playstore, but there is a possibility they can do it again with a different application name, because being a developer in the Google Play store is easy, just with $ 25 there can upload the application on the google play store again even though it has been banned. Take advantage of two-factor authentication for your main account, install a trusted anti-virus app to detect malicious application applications on your android smartphone .
