Google has just deleted a series of Android apps from its Play store that were stealing users’ Facebook logins and passwords.
The apps were first discovered by Dr. Web analysts recently, which found that a series of programs used five different malware variants based on the same JavaScript code to swipe information from users. The apps bearing user-friendly titles such as Horoscope Daily and Rubbish Cleaner would load up a legitimate Facebook login page and then pass your credentials along to its own app and server, along with your cookies. Most staggeringly, the nine apps racked up more than 5.8 million downloads combined.
Google has since removed all the malicious apps and banned its developers from the store, although it is possible for them to create new developer accounts again. The tech giant currently screens for malware via an automated system, but the incident suggests that it might not be tight enough to prevent more subtle scams.
Elsewhere in tech, businesses can now buy TikTok’s secret algorithm.