9 Android apps have been removed from Google’s Play Store after security researchers found out they sneakily stole Facebook login credentials from its users. These apps had been downloaded more than 6 million times in total.

The apps apparently offered fully functional features for editing and framing photos, training and exercise, horoscopes, and removing cache/junk files from Android devices, according to a post by security firm Dr. Web

To disable in-app advertisements, users are offered to log in to their Facebook accounts. Those who opted for it got a real Facebook login form containing usernames and passwords. However, they are hijacking the login process to steal the username and password inputs, in addition to the cookies of the authorized session. All the data were sent to the hacker’s servers.

Researchers say there were 5 types of malware hidden inside these apps. Out of the 5, 2 of them were built using Google’s Flutter framework, while the other 3 were native Android apps. Dr. Web says all of them are classified as Trojan containing similar configuration and javascript codes for stealing user data. 


Here’s the list of Android apps and its number of downloads.

  • App Lock Manager: 10 downloads
  • Horoscope Pi: 1,000 downloads
  • Lockit Master: 5,000+ downloads
  • App Lock Keep: 50,000+ downloads
  • Inwell Fitness: 100,000+ downloads
  • Rubbish Cleaner: 100,000+ downloads
  • Horoscope Daily: 100,000+ downloads
  • Processing Photo: 500,000+ downloads
  • PIP: 5.8 million downloads

As of writing, all the malicious applications mentioned above have been removed by Google Play. Developers responsible for uploading them have been banned as well. But that’s not really going to prevent any future security breaches, because the shady developers can simply open up a new developer account using a different name for just a one-time fee of $25.

If Google is really serious about doing something about this, they have to tighten the security audit for apps and games submitted to the Play Store. Otherwise, it will continue to happen over again.

Leave a comment

Your email address will not be published. Required fields are marked *