Security

9 Trojan Apps With 5.8 Million Downloads Discovered on Play Store

Written by Bill Toulas
Last updated July 1, 2021

Researchers at Doctor Web’s have discovered ten malicious trojan apps that steal Facebook credentials, nine of which were available on the Google Play Store, Android’s official app space. In total, the trojans were downloaded more than 5.85 million times, so they have already reached a very wide audience. Dr. Web has reported this to Google, and several of these apps have since been removed, but not all of them.

Here are the apps that are hiding the info-stealing functionality behind something else:

The front-facing functionality of these apps was complete so as not to raise any alarms to the victims. In all cases, the apps asked the user to login to it by using their Facebook account, which is considered normal in general. To further convince the users to log in to their Facebook account, the apps delivered ads that they promised to disable if the victim registered on the platform through social media.

Source: Dr. Web

Obviously, whatever credentials entered on the login forms go directly to the C&C controlled by the actors who then take control of the Facebook accounts or sell the stolen usernames and passwords to others. In most cases, the victim wouldn’t realize the trickery until it was too late.

It goes without saying that if you happen to have any of the above apps installed on your device, you should remove it immediately, run a complete AV scan to unearth any remaining files, and then reset your Facebook account password.

This is a perfect example of why users shouldn't blindly trust the Play Store, let alone third-party app stores. Unfortunately, Trojans like the above can find ways into the official Android store, either by effectively hiding their info-stealing functionality or by introducing it through post-installation updates.

Whenever you are downloading something from the Play Store, check user reviews, consider the developer's details, visit their website, and generally try to evaluate if the app is looking legit or not. Do not grant permissions willy-nilly, and always keep your phone up to date and protected with a mobile security solution from a trusty vendor.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: