Android is an open-source mobile operating platform that allows users and developers to customize the s**t out of it. However, despite being a Linux-based OS, it’s an undeniable fact that Android is the most security vulnerable platform for smartphones. Of course, its other half being iOS which is known for its ruthless security and privacy measures.
Coming to the Android ecosystem, yet another new batch of viruses was found hiding in the OS’s applications. As if CORONAVIRUS wasn’t enough now we have to deal with new virus’s infesting in applications of Android even after Google claims to be updating its Security patches every month.
According to sources, nine of the viruses found were available on the Google Play Store, Android’s treasured junk box. A study revealed that 10 such apps were found to be laced with a trojan virus. And to a shocking revelation, some of these apps have been downloaded 5 million times, that’s 5 million users in the world who are at risk of their data getting exploited. Seriously Google, this is outrageous.
However, Google Play Store has taken swift action into removing this app, but it’s a request to all those who have downloaded the suspected apps, kindly uninstall them from their devices. according to a report published by DrWeb, a cybersecurity provider, it was found that there exist several malicious apps on Google Play Store that steal Facebook users’ logins and passwords. The report also claims that these apps were installed more than 5,856,010 times.
The common method of stealing information is that when users agreed to login into the service of these apps then they would see a standard social network login form. These trojans use a special mechanism to trick their victims. After receiving the necessary settings from one of the command-and-control (C&C) servers upon launch, they will load a legitimate Facebook web page https://www.facebook.com/login.php into WebView. However, a JavaScript that they received from the C&C server will also be sideloaded into the same WebView. This sideloaded script is used to directly highjack the entered login credentials.
Here’s the list of applications flagged by the cybersecurity service provider:
- Processing Photo by the developer chikumburahamilton
- App Lock Keep from the developer Sheralaw Rence
- Rubbish Cleaner from the developer SNT.rbcl
- Horoscope Daily from the developer HscopeDaily momo
- Horoscope Pi from the developer Talleyr Shauna
- App Lock Manager from the developer Implummet col
- Lockit Master from the developer Enali mchicolo
- Inkwell Fitness from the developer Reuben Germaine
- PIP Photo by the developer Lillian
So if you have any of the above-mentioned apps, then kindly uninstall them for your safety.
