Google has removed nine Android apps from its Playstore after malware analysts discovered they were stealing Facebook users' login credentials.

The apps, which were collectively installed nearly six million times, have been described as 'stealer Trojans' by malware analysts at Dr. Web and were spread as harmless software, reports said. These apps, which sounded like everyday utility apps and tools, provided services such as photo editing, exercises, horoscopes, etc.

Also Read | Microsoft's blue screen of death to appear black in Windows 11

The apps included PIP Photo, installed nearly five million times, Processing Photom installed half a million times. It list also included Rubbish Cleaner, Horoscope Daily, and Inwell Fitness, which were installed nearly 100,000 times, and App Lock Keep, which was installed 50,000 times. The other apps included Lockit Master, Horoscope Pi, and App Lock.

A report said that in these apps, users used to disable in-app ads by logging into their Facebook accounts. “The advertisements inside some of the apps were indeed present and this maneuver was intended to further encourage Android device owners to perform the required actions," the malware analysts said, Silicon Angle quoted.

Also Read | Google releases 1st transparency report under India's new IT Rules 2021

The apps used to steal login credentials of users when they logged into Facebook, and it was shown in WebView with JavaScript, which used to send the login details to the attacker’s command-and-control server without the user's notice, the Silicon Angle report said. After successful Facebook login, Trojan also stole cookies from the users' current authorisation sessions.

The report said that these apps also could have targeted other accounts on service and not only Facebook.

“The attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service,” the analysts said, and added, “They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.”

Google has not made a public statement on the apps yet.