Google has removed 25 apps from the Play Store. A necessary action, that of the Mountain View giant, since these applications were potentially very dangerous.
The 25 apps, in fact, we’re unable to steal Facebook log in data of users who downloaded and installed them on their devices. The French IT security company made this discovery, Evina, which explained in detail the fraudulent operation of these apps.
Although they present themselves as games and entertainment apps, they all use the same method to obtain user credentials. Some apps were available on the Google Play store for over two years, as pointed out by the IT security company.
The results were published in an Evina blog post and were reported for the first time by ZDNet. Google has removed the apps at the beginning of June, one month after being reported by the cybersecurity company. Most of these malicious apps offered new wallpapers, while in other cases they were video editing tools or games.
According to Evina, the apps installed on the devices could see what other apps had recently been opened by the user. “If it’s Facebook, the malware will launch a browser that overlaps the famous social network. The browser appears in the foreground, tricking the user into launching the application, ”explains the IT security company.
Once the user has entered the Facebook login details on the phishing page (which features a black bar instead of a blue bar from the original Facebook app), the corrupt app sends credentials to a remote server.
A potentially serious situation, which could allow hackers to access all the data stored on the Facebook account or even allow access to other websites where users are logged in via their Facebook account.
Evina hasn’t made it clear how these malicious apps prevented the service from being detected by Google Play Protection. The ZDNet site, which incorporates what the IT security company reported, notes that all 25 malicious apps have been developed by a single group.