Google has removed 25 apps from the Play Store because they contained malicious features that stole users’ Facebook credentials. Together, the 25 apps had been downloaded more than 2.34 million times.
Evina, a French cybersecurity firm, discovered the apps, and they were removed from the Play Store in early June. The programs were disguised as games, flashlights, wallpapers, editing software, QR code scanners, step counters, file managers, etc. Most of them did provide the expected function, but they also carried out malicious behavior.
Evina says the malicious code detects when an application is launched on an infected phone. When that application is Facebook, the malware launches a browser that loads a fake login page on top of the official app. When users enter their details, the details are logged by the malicious application and sent to a remote server.
Stealing someone’s Facebook login information gives the bad actor access to the account and all the personal information it holds. Hackers can also check whether the same credentials are used on multiple websites. By abusing stolen credentials, this malware can effectively ruin the online and offline lives of victims.
ZDNet reports that other apps from the same hacking group perform different unwelcome behaviors, such as forcing users to watch ads and opening new browser tabs. The malicious apps were identified by Evina in May and reported to Google shortly thereafter. It’s still unclear how many Facebook credentials were stolen, or how the apps evaded Google’s checks and entered the Play Store.