These popular Android apps were secretly scraping Facebook login details
Facebook account information targeted by 25 malicious Android apps
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Android users have again been warned to up their security awareness after more malicious apps were pulled from theGooglePlay Store.
Overall, 25 Android apps were removed after they were found to be targeting user Facebook login information, with apps posing as mobile games, video editors, wallpaper apps and fitness trackers.
The malicious apps, some of which had been on thePlay Storefor more than a year, had been downloaded more than 2.34 million times in total, warned security firm Evina, however users should no longer be at risk thanks to Google’s own security protections.
Android security
In its report, Evina noted that the 25 apps all originated from the same cybercrime group, and despite offering some basic functionalities, all in fact hid malicious actions.
The researchers found that the apps contained code that was able to detect recently opened services on the target device, including what apps were open in the foreground and background.
If Facebook was open in the foreground, the malicious app would launch a web browser window containing a fake Facebook login page overlaying on top of the real app, attempting to try and trick users into entering their details into the fake page, which would then send these details off to a remote server.
Evina reported the 25 malicious apps to Google at the end of May, with the search giant taking the apps off the Play Store this week after confirming the findings. Google says it disables any apps removed from the Play Store on any user devices that may have downloaded them, with its Play Protect service notifying affected users of any issues.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The news comes soon after tens of thousands ofdangerous Android appswere found to be putting mobile users at heightened risk of fraud and cyberattack, suggesting hackers are consistently able to find ways to get around Google’s vetting system.
ViaZDNet
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
5 must-have Android apps
