25 apps caught stealing users’ Facebook credentials removed from Play Store: Report

Hemani Sheth Mumbai | Updated on July 01, 2020 Published on July 01, 2020

Google has removed 25 mobile apps from Play Store that had allegedly been caught stealing users' Facebook credentials, according to reports.

The malicious Android applications were caught stealing Facebook credentials and were reported by French cybersecurity firm Evina.

Before they were taken down from Play Store, the 25 apps had been collectively downloaded over 2.34 million times, ZDNet reported.

According to Evina’s report, the apps were uploaded to the app store under the guise of flashlight applications, file managers, wallpaper apps, mobile games and health apps, among others.

They seemed legitimate in terms of functionality. However, hackers had inserted malicious code into them, which were used to detect a user’s recent activity, the report said.

The app targeted the user’s social media account by overlaying a web browser on top of the official Facebook app, and presenting a fake Facebook login. The app would thus steal the user’s Facebook credentials with the fake login.

Phishing attempts by the 25 apps was reported to Google by the end of May, Evina said.

The malicious apps are believed to have been developed by the same threat group and worked in a similar manner, Evina said.

The French cybersecurity firm has also detailed the malicious activity on its website with a complete list of the apps.

Published on July 01, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.