Be it any social media platforms, most of us are too busy sharing moments from our life. All these social media platforms claim to keep your passwords safe and secure. However, the reality is a bit different from what it seems to be.
As 85 Android apps were removed from the Google Play Store after it was discovered they were compromised with malware capable of stealing social network passwords from users’ devices.
Ironically, the apps have been available for download for a long time, and one of them recorded more than 1 million downloads on the Google PlayStore.
A gaming app “Mr President Rump,” was published in March this year and its download count skyrocketed in the summer. Other apps have been in the Store for nearly two years, with their installations ranging between 1,000 and 100,000.
The infected apps came with an option to authenticate on VK for various purposes, asking users to provide their usernames and passwords.
Kaspersky security researcher Roman Unuchek said “In October and November 2017 we found 85 new malicious apps on Google Play that are stealing credentials for VK.com. All of them have been detected by Kaspersky Lab products as Trojan-PSW.AndroidOS.MyVk.o. We reported 72 of them to Google and they deleted these malicious apps from Google Play Store, 13 other apps were already deleted. Furthermore, we reported these apps with technical details to VK.com. One of these apps was masquerading as a game and was installed more than a million times according to Google Play Store.”
Most of these apps were uploaded to Google Play in October 2017, but several of them were uploaded in July 2017, so they were being distributed for as long as 3 months. Moreover, the most popular app was initially uploaded to the Google Play Store on March 2017, but without any malicious code—it was just a game. Cybercriminals updated this app with a malicious version only in October 2017, having waited more than 7 months to do so!
The malware was said to be targeting devices with languages where VK is said to be a popular social network, including Russian, Ukrainian, Kazakh, Armenian, Azerbaijani, Belarusian, Kyrgyz, Romanian, Tajik, and Uzbek.
The apps have already been removed from the Google Play Store, and users who think their credentials might have been compromised are recommended to change passwords as soon as possible.