85 Credential-Stealing Apps Found on Google Play Store

A couple of days ago HackRead exclusively reported on a Fidget spinner app that has been sending other apps data to a server in China. Now, IT security researchers at Kaspersky Lab identified around 85 apps in Google Play during October and November 2017 that were stealing credentials for VK.com, a Russia-based social networking platform.

A majority of these apps were listed in the Play Store in October while some were uploaded in July. One of them had over a million downloads whereas some apps had around a thousand installations. Many apps were quite popular among users since 7 apps had approx. 10,000 and 100,000 downloads and 9 of them were installed between 1,000 and 10,000 times.

The apps that were most popular were gaming apps submitted to Google Play during April 2017. These apps were although uploaded without any malicious code after an October 2017 update, these were equipped with credential stealing capabilities. Over a million downloads were gathered by one of the gaming apps in just 7 months.

Screenshots of three infected apps shared by Kaspersky

“These apps were not only masquerading as Telegram apps, they were actually built using an open source Telegram SDK and work almost like every other such app,” researchers wrote in a blog post.