Google pulls Android apps for stealing Facebook details: do you have any installed?

Nine trojan Android apps had over 5.8 million downloads on the Google Play Store

Google Play Store generic image
(Image credit: Shutterstock)

Google has scrambled to remove a series of Android apps that have seriously breached privacy rules, with malware analysts identifying nine Google Play Store apps that have been secretly pinching users’ Facebook login details.

Before they were removed, the apps collectively ran up over 5.8 million downloads, using trojan apps to steal Facebook users' passwords by hoodwinking victims into entering their private credentials to bypass in-app ads. 

Google has since removed nine apps from the Google Play Store after Russian anti-malware software company Dr.Web discovered the credential-stealing trojan applications, as reported by Arts Technica. While you may have hoped that these nefarious apps were confined to a few Google Play Store oddities, you'd be mistaken. Instead, the malware was found lurking in a range of fully functional apps, including exercise and training apps, photo editing and daily horoscopes. 

The bad actors used seemingly innocuous apps to secure users' trust before offering to remove in-app ads if a user logged in through Facebook. Subsequently, the victims' credentials would then be harvested at the crooks' servers and used to compromise Facebook accounts. 

Google's clean-up job appears to have been very thorough, with Google reportedly permanently banning the apps' developers. Despite this, it's certainly worth checking any of your best Android phones for any of the listed apps — and immediately deleting them if you happen to still have them on your device. 

Below is a list of the trojan Android apps to watch out for:

  • App Lock Keep
  • Lockit Master
  • Horoscope Pi
  • App Lock Manager
  • PIP Photo
  • Processing Photo
  • Rubbish Cleaner
  • Inwell Fitness
  • Horoscope Daily

Persistent malware

Other information from the Dr.Web analysts shows that a further trojan app was found: one that had previously been identified on the Google Play Store some time ago. According to the researchers, the image editing software app EditorPhotoPip had been removed by Google before but had managed to accrue more downloads from unsuspecting users through aggregator websites. 

Given that you have properly removed any of the implicated apps that may be lurking on your smartphone, it's best to also change your Facebook password, alongside any logins to applications that share the same or similar login information. 

Make sure to be cautious of all apps, unless explicitly well-known. In an ideal world, any apps from unknown developers shouldn't be downloaded at all, especially not until there are more rigorous safeguards that can prevent bad actors from invading the Google Play Store. That halcyon place, however, seems a while away for now. 

Luke Wilson

Luke is a former news writer at T3 who covered all things tech at T3. Disc golf enthusiast, keen jogger, and fond of all things outdoors (when not indoors messing around with gadgets), Luke wrote about a wide-array of subjects for, including Android Auto, WhatsApp, Sky, Virgin Media, Amazon Kindle, Windows 11, Chromebooks, iPhones and much more, too.