Google has just launched 25 Android malicious apps that steal Facebook login credentials, but their total has been downloaded more than 2.34 million times before then. Analysis by Evina, a French cybersecurity firm, found that despite the different features, the malware was behind the same scene, and they all worked the same way.
It is reported that this group of Android malware wrapped itself into a pedometer, image editor, video editor, wallpaper, flashlight, file manager, and mobile games.
However, Evina researchers point out that while providing general functionality, they also hide malicious code. For example, detect which apps users have recently opened and keep the front desk running.
Take Facebook’s official app, which covers a web browser window at the top of the track and loads a fake Facebook landing page to trick users into logging credentials.
Information entered by phishing page spoofing is passed by malware to the airshop.pw The remote server (now deactivated).
Evina added that it reported to Google at the end of May that it had 25 malwares that stole Facebook login credentials.
Google conducted an investigation earlier in June and quickly put it down. Even so, some Android malicious apps have been stuck in the official Play Store for more than a year.