Google has reported removing 25 apps from the Google Play Store that were involved in stealing users’ Facebook credentials. According to the France-based cybersecurity firm Evina, the malicious apps were downloaded over 250,000 times.
The apps offered different functionality, but they all extracted credentials in the same way. The firm also reported that some of the apps had been available on the Google Play Store for over two years before they were deleted.
Evina published a detailed report on this threat. Google deleted the apps at the beginning of June, right after Evina reported the potential threat in May this year. Most of these apps offered new wallpapers, while others offered video editing tools and flashlight features.
Once a user installs and launches one of these malicious apps, the app automatically identifies which app the user has recently launched. The blog post by Evina read: “If it is a Facebook application, the malware will launch the browser that loads the Facebook at the same time. The browser is displayed in the Foreground which makes you think that the application has launched.”
The phishing browser page displayed by the malicious app shows a black Facebook bar instead of a blue one. Once users enter their Facebook login details on the phishing page, the apps send those details to a remote server. This would allow the attacker to access all of the users’ data stored on Facebook. The attacker can also access other websites where the users have logged in via their Facebook account. The blog post by the cybersecurity firm, however, did not explain how Google’s Play Protection services were unable to detect these apps in the first place.