Despite the seemingly unstoppable wave of cyberattacks, which should teach users to improve their defenses, not all internet users learn from their mistakes. Some people recycle the same login credentials across different apps and services. Using the same username, email, and password on multiple sites might be convenient. You only have to remember those details, and then you can log into all the sites you need to. But that’s what hackers count on. That’s why they want to steal your Facebook password, hoping they’ll be able to hack into more sensitive accounts using those credentials.
Researchers discovered nine Android apps that got more than 5.8 million combined downloads from the Google Play store. The apps included malicious code that allowed hackers to steal Facebook passwords.
A report from Dr. Web (via ArsTechnica) explains that the apps in question looked like legitimate apps. They offered basic photo editing features to mask their malicious purpose. But the developers used the apps to steal Facebook passwords.
Google is aware of the problem, and the apps are no longer available from the Google Play store. But that doesn’t do much for users who had already downloaded and installed any of them.
Facebook password hacked; what next?
The attackers came up with a clever way to steal Facebook credentials. They told users they could eliminate ads simply by logging into their Facebook accounts. Unsuspecting users might have signed in without thinking twice. Using Facebook to log into apps is part of the internet experience, after all.
That’s how the hackers stole the Facebook passwords:
If you use the same username/password combination for Facebook and other online apps, you should consider changing all of them. An attacker with access to your Facebook credentials might try the same combination for your email, internet banking, and online stores. They could do some serious damage with that information. That’s why each app and service must have its own password.
If you have downloaded one of the nine apps below, you should consider changing your Facebook password immediately. Then do the same with every other service where you’ve recycled the Facebook credentials.
You should also check your Facebook account for fraudulent activity and do the same with other online accounts that have the same username and password.
The malicious Android apps
Dr. Web identified all the apps that included malicious code capable of stealing Facebook passwords. It’s unclear how many Facebook users were impacted, but the discovery shows that attackers might employ similar attacks to steal logins from other websites.
Google removing the apps from the Play Store isn’t enough to protect you. You should delete any of the following apps from your devices right away:
- PIP Photo: more than 5.8 million downloads
- Processing Photo: more than 500,000 downloads
- Rubbish Cleaner: more than 100,000 downloads
- Inwell Fitness: more than 100,000 downloads
- Horoscope Daily: more than 100,000 downloads
- App Lock Keep: more than 50,000 downloads
- Lockit Master: more than 5,000 downloads
- Horoscope Pi: 1,000 downloads
- App Lock Manager: 10 downloads
Using an anti-virus solution for your Android smartphone or tablet might also help.