Android Apps Banned after Stealing Passwords

Friday, December 15, 2017 @ 02:12 PM gHale

Eighty-five Android apps were kicked out of the Google Play Store after they ended up compromised with password stealing malware.

The compromised apps discovered by Kaspersky Lab was targeting users of Russian-based social network VK.

Android Patch Clears Vulnerabilities
Android Backdoor Steals Social Media Info
Disable Location Services, Google Knows Location
Google Cracking Down on App Misuse

One of the banned apps recorded over 1 million downloads on the Google Play Store.

That app, called “Mr President Rump,” was a game that published in March and its download count took off in the summer. Other apps that ended up banned had been in Google Play for about two years, with installations ranging between 1,000 and 100,000.

The infected apps came with an option to authenticate on VK for various purposes, asking users to provide their usernames and passwords. Typically, games include Facebook or social network functionality for extra features, such as sharing high scores or gaining premium content.

Malware writers most likely wanted to use the stolen VK credentials to boost the number of members of groups or posts, said Kaspersky security researcher Roman Unuchek in a post.

The malware was said to be targeting devices with languages where VK is said to be a popular social network, including Russian, Ukrainian, Kazakh, Armenian, Azerbaijani, Belarusian, Kyrgyz, Romanian, Tajik, and Uzbek.

The apps have already been removed from the Google Play Store, and users who think their credentials might have been compromised are recommended to change passwords as soon as possible.

Leave a Reply

You must be logged in to post a comment.