Google Play Store Photo Editor Apps Are Actually Android Malware! Uninstall 3 Dangerous Apps Now

A bunch of Android apps listed on the Google Play Store were recently discovered stealing Facebook users’ credentials, running ad campaigns and collecting payment information. Unfortunately, over 500,000 unaware users have already installed them.

Many apps available on the Google Play Store ask users whether they want to “sign in with Facebook.” This option spares users from remembering separate account details and lets the app quickly verify the user’s identity.

Unfortunately, malicious actors have exploited this system, using the linked-up account details to steal sensitive user information.

Android Malware Discovered: Do Not Download These Apps

Sources from BleepingComputer explained the nature of this newly discovered malware. They received technical advice from Tatyana Shishkova, an Android malware analyst at Kaspersky, and Maxime Ingrao, a security researcher at Evina.

To summarize, these apps first ask for Facebook account credentials via “sign in.” They then collect Facebook account information via encrypted JavaScript. The malicious app eventually accesses the Facebook Graph API, where it can see ad campaigns and stored payment information. Finally, the hacker creates their own ad campaigns, using the victim’s Facebook credentials and linking the victim’s payment information to the newly created campaign.

The Android apps discovered with this malware are:

  • Blender Photo Editor – Easy Photo Background Editor
  • Magic Photo Lab – Photo Editor
  • Pix Photo Motion Edit 2021

Ingrao explained in detail how he found the suspicious code in these apps. “I noticed the suspicious code first by doing a dynamic analysis. I noticed that the WebView was running JavaScript to retrieve the credentials. Then I downloaded the code and I recoded the function that decrypts the texts inside the code, that’s how I found the executed JavaScript and the calls to the Facebook Graph API,” per BleepingComputer.
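As an added example (not code from BleepingComputer, Kaspersky or Evina), here is a static triage over decompiled app source for the pattern Ingrao describes: a WebView with JavaScript enabled that has script pushed into it. The rule logic, verdict labels and sample snippets are constructed for illustration; because the JavaScript was encrypted, a scripted WebView that sits next to runtime decryption is routed to dynamic analysis rather than cleared.

```python
import re

# Android API names are real; the rule logic and verdict labels are
# assumptions made for this example, not a vendor signature.
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\s*\(\s*true'),
    "js_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "js_bridge": re.compile(r'addJavascriptInterface\s*\('),
    "fb_login_url": re.compile(r'https?://(m|www)\.facebook\.com/login'),
    "graph_api": re.compile(r'graph\.facebook\.com'),
    "runtime_decrypt": re.compile(r'Cipher\.getInstance\s*\(|Base64\.decode\s*\('),
}

def triage(source: str) -> dict:
    """Return matched indicators and a verdict for one decompiled source file."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(source))
    found = set(hits)
    scripted = "js_enabled" in found and bool(found & {"js_injection", "js_bridge"})
    if scripted and found & {"fb_login_url", "graph_api"}:
        verdict = "suspicious"
    elif scripted and "runtime_decrypt" in found:
        # URLs and script text may be hidden behind string decryption,
        # so static matching cannot clear the file.
        verdict = "needs-dynamic-analysis"
    else:
        verdict = "no-match"
    return {"hits": hits, "verdict": verdict}

# Constructed samples, not taken from the apps named on this page.
BENIGN_HELP = '''
help.getSettings().setJavaScriptEnabled(true);
help.loadUrl("https://example.com/help");
'''
LOGIN_WEBVIEW = '''
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://m.facebook.com/login");
w.evaluateJavascript(SCRIPT_PLACEHOLDER, null);
'''
OBFUSCATED = '''
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl(dec("k3Jx"));
w.evaluateJavascript(dec("Qm9v"), null);
byte[] raw = Base64.decode(s, 0);
Cipher c = Cipher.getInstance("AES");
'''

if __name__ == "__main__":
    for name in ("BENIGN_HELP", "LOGIN_WEBVIEW", "OBFUSCATED"):
        print(name, triage(globals()[name]))
```

A "suspicious" or "needs-dynamic-analysis" verdict is a prompt for manual review, not proof of credential theft.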

Android users are warned to be extremely careful because these apps had “passed” Google Play Store’s standards. Users who recognize these apps should uninstall them immediately.
