2 min read

Google Removes 25 Malicious Google Play Apps Stealing Facebook Login Credentials

Alina BÎZGĂ

July 01, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google Removes 25 Malicious Google Play Apps Stealing Facebook Login Credentials

Last month, Google removed 25 Android apps from its Google Play Store after discovering they were stealing users” Facebook account credentials.

The malicious apps, identified by security company Evina, appeared to be created by the same developer, Rio Reader LLC, and were downloaded more than 2.34 million times before Google decommissioned them.

The apps, which mimicked legitimate applications such as step counters, image editors, video editors, wallpaper apps, flashlight apps, file managers and mobile games, shared the same malicious code, enabling them to steal login credentials of any Facebook user.

“When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time,” researchers said. “The browser is displayed in the foreground which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes java script to retrieve them. The malware then sends your account information to a server.”

Most of the apps appear to have been created in 2019, with downloads numbering between 10,000 and 500,000. This means the bad actors were able to harvest the credentials of many Facebook users before being shut down. The full list of apps, created date and number of installs can be seen below:

Image: Evina

Luckily, when Google removes an app from the Play Store, the company also disables the application installed on users” devices, and notifies customers through its Play Protect service.

Google has been removing apps that are laced with adware or unsafe from its platform since the beginning of the year. While not all bogus apps are discovered and removed in due time, Android users can also play an important role in spotting them.

The next time you search for an app, pay attention to the reviews and number of downloads. Unprofessional-looking apps boasting one-word four- or five-star reviews most harbor a hidden agenda.

You can also check if your private data has been exposed online! Use Bitdefender”s Digital Identity Protection tool to see where you stand at the moment and what the internet knows about you.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Parents’ Credit Card Info Stolen in Australian High School Hack Parents’ Credit Card Info Stolen in Australian High School Hack
Alina BÎZGĂ

January 31, 2023

1 min read
Data breaches affected over 422 million people in 2022, Identity Theft Resource Center says Data breaches affected over 422 million people in 2022, Identity Theft Resource Center says
Alina BÎZGĂ

January 30, 2023

2 min read
Dutch hacker arrested for allegedly selling data of 9.1 million Austrian citizens Dutch hacker arrested for allegedly selling data of 9.1 million Austrian citizens
Alina BÎZGĂ

January 27, 2023

2 min read