A new research report by security firm Doctor Web has revealed that Android apps with over 5.8 million downloads on Google Playstore have been stealing users' Facebook passwords, reports Business Insider. The report identifies nine trojan apps, including PIP Photo, Processing Photo, Rubbish Cleaner, Horoscope Daily, App Lock Keep, Lockit Mater, Horoscope Pi, App Lock Manager, and Inwell Fitness. The apps mostly help with photo editing and app locking. PIP Photo, which has been downloaded 5 million times, is the most popular among these nine.
The apps, which gained the trust of the user offering real features, then exploited the widespread use of Google and Facebook login to steal passwords. Once the user logged into their account, the trojan steals their cookies which were also sent to cybercriminals, the research firm explained.
After the report went live on July 1, Google removed all these apps from Playstore and banned their developers.