Google removes 25 apps from its Play Store that were stealing Facebook credentials

midian182

Posts: 5,882   +48
Staff member
What just happened? Once again, Google has been forced to remove apps from its Play Store after their true malicious functions were discovered. In this instance, 25 applications that were collectively downloaded over 2.34 million times were stealing Facebook credentials.

French Cybersecurity firm Evina discovered the apps, which were removed from the Play Store in early June. The programs were disguised as games, flashlights, wallpapers, editing software, QR scanners, step counters, file managers, and more, and while most did perform their intended functions, they also carried out malicious acts.

Evina writes that when an app was launched on an infected phone, the malicious code would query its name. If it was Facebook, the malware would launch a browser that loads a fake login page on top of the official app. When a user entered their details, they would be logged by the malicious app and sent to a remote server.

Grabbing someone’s Facebook login could allow a bad actor to access the account and all the personal info it holds. The hackers could also check to see if the same credentials were used across multiple websites.

The malicious apps

“This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate,” wrote Evina.

Other apps, which ZDNet reports all came from the same threat group, would perform different unwanted actions, such as overwhelming users with ads and opening up new browser tabs.

The malicious apps were identified by Evina in May and reported to Google soon after. It remains unclear how many people had their Facebook credentials stolen, or how the apps evaded Google’s checks and made their way onto the Play Store.

Permalink to story.

 

trparky

Posts: 768   +704
It's always a reaction, never preventing this crap from Google. And don't sit there and tell me that it's from a lack of money because Google's got the money to have a better app screening process, but they choose not to.
 

Shadowboxer

Posts: 770   +452
Google don’t want the competition! They’re the biggest user data peddlers out there! Just remember, when a service is “free” you’re the product..
 
  • Like
Reactions: Mr Majestyk

Angga B

Posts: 74   +75
Google should have do goods, and actually doing the screening themselves rather than other party.
But they rather choose to do evils, which is to police internet opinions. MEH