July 1, 2021
Removing malware from the iPhone is not as technical as doing the same on an Android device. This is because of how iOS works and the fact that you can only download and install apps from the App Store. Malware on your iPhone will most likely be due to a jailbreak and downloading apps from untrusted sites.
But I'm sure that like me you're shocked at how easily someone with bad intentions can create a brand new Android Trojan. It's time to look into mobile security for your Android device.
In total, our specialists uncovered 10 of these trojan apps. Of them, 9 were available on Google Play:
After Doctor Web’s specialists reported them to Google, some of these malicious applications were removed from Google Play. However, at the time of this news release, some apps were still available for download.
While analyzing these stealer trojans, we discovered an earlier modification that was spread through Google Play under the guise of image editing software called EditorPhotoPip. It has already been removed from the official Android app store but is still available on software aggregator websites. This modification was added to the Dr.Web virus database as Android.PWS.Facebook.15.
The applications were fully functional, which was meant to lower the vigilance of potential victims. To access all of the apps’ functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts. Some of the apps did contain advertisements, and this maneuver was intended to further encourage Android device owners to perform the required actions.
This is how some of these apps looked upon launch:
And this is the message encouraging potential victims to log into their Facebook account:
If users agreed and clicked the login button, they saw the standard social network login form, as shown in the next screenshot:
Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.
The Android.PWS.Facebook.15 malicious program, which turned out to be an earlier modification of the trojans, is identical to the others. However, it contains additional functionality to output data to the log in Chinese, which may indicate its possible origin.
The appearance of the Android.PWS.Facebook.15 trojan and examples of its output to the log file are shown below:
Doctor Web recommends that Android device owners install applications only from known and trusted developers and pay attention to other users' reviews. The reviews cannot provide an absolute guarantee that the apps are harmless, but they can still alert you to potential threats. You should also pay attention to when and which apps ask you to log into your account. If you are not sure that what you are doing is safe, it is better not to proceed any further and to uninstall the suspicious program.
Dr.Web Anti-Virus products for Android successfully detect and delete all known modifications of the Android.PWS.Facebook.13, Android.PWS.Facebook.14, Android.PWS.Facebook.15, Android.PWS.Facebook.17, and Android.PWS.Facebook.18 trojan applications, so they pose no threat to our users.
More details on Android.PWS.Facebook.13
More details on Android.PWS.Facebook.14
More details on Android.PWS.Facebook.15
More details on Android.PWS.Facebook.17
More details on Android.PWS.Facebook.18