Google Play Removes 25 Apps Caught Stealing Facebook Credentials From Users: Evin
Google is claimed to possess removed 25 apps from its Google Play store that were caught stealing Facebook credentials. consistent with the French cyber-security firm, Evina, these malicious apps collectively had over 25 lakh downloads. The apps reportedly offered different functionalities, though they used an equivalent method for extracting users’ credentials. a number of the apps had been available on the Google Play store for over two years before they were finally removed, the cyber-security firm highlighted.
Also See – TikTok Removed From App Store, Google Play .
The findings were published during a blog post by Evina and were first reported by ZDNet. Google removed the apps earlier in June after the cyber-security firm reported its potential threat in May this year. Most of those malicious apps offered new wallpapers, while others provided video editing tools and flashlight tools. Apps like Super Wallpapers Flashlight and Padenatef had over 5 lakh downloads each on Google Play.
How did the apps steal Facebook credentials?
According to Evina, once the user launched the contentious app on their smartphone, the malicious app detected what app a user recently opened and had within the phone’s foreground. “If it’s a Facebook application, the malware will launch a browser that loads Facebook at an equivalent time. The browser is displayed within the foreground which causes you to think that the appliance launched it,” the cyber-security firm explains.
Once the user puts their Facebook login details on the phishing page (which features a black bar rather than a blue bar of the first Facebook app), the malicious then sent the credentials to a foreign server. this might potentially allow attackers to access all data stored on the Facebook account or maybe allow them to access other websites where users’ have logged in via their Facebook account.
Evina, however, has not clarified how these malicious apps avoided detection by Google’s Play Protection service. the entire list of these malicious Android apps is listed on Evina’s website.
ZDNet citing the cyber-security firm notes that each one of the 25 malicious apps was developed by one threat group.
- Chrome flag feature for user protection
- Log in to multiple devices! WhatsApp is coming with new features
- A great app for voice typing
- 25 Apps Caught Stealing Facebook Credentials From Users- Remove From Google Play