Google has removed 25 mobile apps from Play Store that had allegedly been caught stealing users' Facebook credentials, according to reports.
The malicious Android applications were caught stealing Facebook credentials and were reported by French cybersecurity firm Evina.
Before they were taken down from Play Store, the 25 apps had been collectively downloaded over 2.34 million times, ZDNet reported.
According to Evina’s report, the apps were uploaded to the app store under the guise of flashlight applications, file managers, wallpaper apps, mobile games and health apps, among others.
They seemed legitimate in terms of functionality. However, hackers had inserted malicious code into them, which were used to detect a user’s recent activity, the report said.
The app targeted the user’s social media account by overlaying a web browser on top of the official Facebook app, and presenting a fake Facebook login. The app would thus steal the user’s Facebook credentials with the fake login.
Phishing attempts by the 25 apps was reported to Google by the end of May, Evina said.
The malicious apps are believed to have been developed by the same threat group and worked in a similar manner, Evina said.
The French cybersecurity firm has also detailed the malicious activity on its website with a complete list of the apps.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.