Google is working hard to remove Android apps that violate privacy laws. Ars Technica reports that nine apps have been removed from Google Play Store by Dr. These trojans were stealing Facebook login credentials, according to Web analysts. These were not obscure titles. The malware had more than 5.8 million downloads combined and was easy to find with titles such as "Horoscope Daily", "Rubbish Cleaner" and others.Apps tricked users into signing up for Facebook, loading the fake page. However, the apps loaded jаvascript from a command control server to "hijack" their credentials and pass them on to the app (and the command server). They could also steal cookies from the authorization session. Facebook was the victim in all cases, but the creators could have easily directed users to other internet services.Five malware variants were included in the mix. However, all used the same jаvascript code as well as configuration file formats to steal information.Ars reported that Google had banned all app developers from its store. However, this might not prove to be a significant deterrent as the perpetrators will likely create new developer accounts. Google might need to screen for malware to prevent attackers.It is unclear how these apps were able to accumulate as many downloads after the takedown. Google's automated scanning keeps malware from the Play Store. However, the subtlety and sophistication of the technique may have allowed the rogue apps to slip through these defenses and left victims unaware that their Facebook information was in the wrong hands. It doesn't matter what the reason, you should be careful about downloading utilities from unknown developers.
