Google has removed 25 Android apps from the Google Play Store after it was discovered that they were stealing users’ Facebook credentials.
The malicious apps, which were collectively downloaded more than 2.34m times, were all created by the same developer. While the apps appeared to be different from one another, they all shared the same code that enabled them to harvest the credentials of Facebook users.
The French cybersecurity firm Evina was the first to discover these apps and the company reported its findings to Google. The apps themselves posed as legitimate applications including step counters, image editors, video editors, wallpaper apps, flashlight apps, file managers and mobile games.
Stealing Facebook credentials
In a blog post, Evina provided more details on how these malicious apps stole users’ Facebook credentials, saying:
“When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground, which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes JavaScript to retrieve them. The malware then sends your account information to a server.”
Evina discovered these 25 malicious apps from the developer Rio Reader LLC and reported them to Google at the end of May. After verifying the firm’s findings, Google removed the apps from the Play Store earlier this month.
However, some of the apps were available on the Play Store for more than a year before they were removed, which means that the developers were able to steal the credentials of many Facebook users before their operation was shut down.