(Google) Play time is over as scammers run riot on the Play Store

8th July 2021

You need to be wary of what Apps you are downloading on your devices. Google have removed several Apps from its Play Store that were found to have been stealing people’s Facebook usernames and passwords.

There are a total of nine Apps removed so far, many which are also available on the Android app store and have a combined six million downloads. The most popular App found to be doing this is a photo editing software called PIP Photo which had 5 million downloads by itself.

3 of the Apps that were found to be stealing data were Apps that offered access limitations whilst using other Apps. These were App Lock Key, App Lock Manager, and Lockit Master, which were collectively downloaded around 65,000 times. Other apps include Rubbish Cleaner, Horoscope Daily, and Inwell Fitness. 

Every one of the rogue Apps involved does what they it is designed to, although they all ask for users to use their Facebook credentials to log in so they can remove in-App advertisements. After this is done a legitimate Facebook window will load up followed by JavaScript which is used to send the data to a server that is then used to steal users’ credentials.

A lot of the Apps found to be doing this have been removed from the Play Store, however, a few still remain available for download. As well as these rogue Apps 6 more that use the Joker Fleece ware are still available. To put into perspective, we did an article about how Google were trying to “remove this malware from the Play Store for good” all the way back in September last year. Click here to check it out.

Although steps are being taken to remove infected Applications, it is happening far more slowly than they are being made. This means it is vital that you know what it is you are downloading. If you need any advice on anything relating to malware and applications, please get in touch with us.

Photo by Mika Baumeister on Unsplash