All nine apps offered legal services and were downloaded more than 5.8 million times. Security researchers at Dr. Web have discovered these malicious apps and said they used a mechanism to trick the users to give their Facebook ID and passwords.
Google Removes Popular Apps from Play Store with 5.8 Million Downloads
The apps attracted users to disable the in-app ads by adding their Facebook profiles. When the user links their FB account, they see a form asking to enter their Facebook username and password. The form looks genuine, so the users fall for it. Once they enter the credentials, the page is loaded into Android WebView, which was legitimate. The researchers discovered that the hackers loaded malicious JavaScript in the same WebView, to steal the data. The researchers at Dr. Web says, Five malware variants were identified in the apps. From which three of them were Android apps, and the other two used Google’s Flutter framework. All of them are classified as same trojan because they have used similar configuration file formats and JavaScript code. The apps that are now removed from Google Play Store are: All these apps are removed from the store and also banned the publishers of the apps, so they can’t publish new apps. If you have installed any app from the list, uninstall them right now.