200 Android apps with password-stealing malware

0
35
descubren alrededor de 200 aplicaciones android infectadas con un malware que roba contrasenas.jpg
descubren alrededor de 200 aplicaciones android infectadas con un malware que roba contrasenas.jpg

Although many of us always try to install apps from official sources, there is a risk that these may also be susceptible to being corrupted by an external agent in an attempt to get hold of information stored on our smartphone, including passwords.

The latter is the premise of facestealer, a newly discovered malware in a set of android appswhose operation aims to obtain the passwords of the users to access these, as well as other services.

Such was the effectiveness of this malware to infiltrate, that its presence was detected in 200 apps, which are installed on a large number of Android smartphones.

Although a list with all the Play Store apps in which the presence of this malware was detected has not been revealed, all of them have been discharged.

Going into detail about the deleted apps, it was found that many of them belonged to different categoriesthus helping to expand the malware’s radius of action.

Likewise, it was possible to show that the malware tended to hide in training apps and VPNs. Other infected apps claimed to serve as a alternate camera or also as image editing tool.

In case you have this type of apps installed on your smartphone, it is recommended that you search for them in the Play Store. If they do not appear in the results, proceed to uninstall them immediately.

So far, these are some of the apps that have been affected by Facestealer:

  • Swarm Photo
  • Panorama Camera
  • Photo Gaming Puzzle
  • Daily Fitness OL
  • Enjoy Photo Editor
  • Business Goal Manager
SEE ALSO  YouTube Kids is going to disappear from Android TV this year. This way the little ones at home can continue accessing the catalog

When accessing one of the infected applications Facestealer shows the user a Facebook access screen from the browserso that it enters its credentials as a previous step to access the app interface.

Once the requested data was entered, they ended up being collected by a JavaScript-based code snippet. From there the server took care of copying this data and sending it to designated servers to store the passwords of the different applications.

In addition to this, the malware launched the bulk sending of cookies that returned to the server with a large volume of user information obtained fraudulently. Along with the advice given a few paragraphs above, it is recommended to change the passwords of the apps and services installed on the mobile that are not infected.