Doctor Web's malware analysts have discovered malicious apps on Google Play that steal Facebook users' logins and passwords. These stealer trojans were spread as harmless software and were installed more than 5,856,010 times.

In total, our specialists uncovered 10 of these trojan apps. Of them, 9 were available on Google Play:

- a photo-editing software called Processing Photo. It is detected by Dr.Web Anti-Virus as .13 and was spread by the developer chikumburahamilton.
- applications that enabled access limitations for using other software installed on Android devices: App Lock Keep from the developer Sheralaw Rence, App Lock Manager from the developer Implummet col, and Lockit Master from the developer Enali mchicolo, all detected as .13. They were downloaded at least 50,000, 10 and 5,000 times respectively.
- Rubbish Cleaner from the developer SNT.rbcl, a utility to optimize the Android device performance.
- astrology programs Horoscope Daily from the developer HscopeDaily momo and Horoscope Pi from the developer Talleyr Shauna, also detected as .13. The former had more than 100,000 installs while the latter had more than 1,000 installs.
- a fitness program called Inwell Fitness from the developer Reuben Germaine, detected as .14.
- an image editing app called PIP Photo that was spread by the developer Lillians. Its various versions are detected as .17 and .18.

After Doctor Web's specialists reported them to Google, some of these malicious applications were removed from Google Play. However, at the time of this news release, some apps were still available for download.

While analyzing these stealer trojans, we discovered an earlier modification that was spread through Google Play under the guise of an image editing software called EditorPhotoPip, which has already been removed from the official Android app store but is still available on software aggregator websites. This modification was added to the Dr.Web virus database as .15.

While the .13, .14, and .15 are native Android apps, the .17 and .18 use the Flutter framework designed for cross-platform development. Despite this, all of them can be considered modifications of the same trojan, since they use identical configuration file formats and identical JavaScript scripts to steal user data.

And this is the message encouraging potential victims to log into their Facebook account:

If users agreed and clicked the login button, they saw the standard social network login form, as shown on the next screenshot: