Google Removes 25 Apps From PlayStore For Stealing Facebook Data
As per the report. these malicious apps had collectively 25 lakh downloads.
Google has removed 25 apps from the PlayStore after it was reported by a French cybersecurity firm Evina that these apps were caught stealing Facebook credentials.
As per the report, these malicious apps had collectively 25 lakh downloads.
Most of these apps disguised themselves as games, flashlights, wallpapers, editing software, QR scanners, step counters, file managers and others. Some of these applications did not even perform the tasks they were intended for.
How Were These Apps Stealing Facebook Credentials?
As per the report, once the user has launched the malicious app on their smartphone, the app detects which apps the user recently opened on the smartphone in the foreground.
"If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time,” the cybersecurity firm said.
The browser that the malware has launched acts like a fake Facebook login page where a user would enter his/her credentials and that would get logged in by the malicious app and then sent to a remote server.
When the credentials are collected, a hacker can also use them to check whether any user has used them to log in to other websites.
“This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate,” wrote Evina.
Other apps that have been reported come from the same threat group but perform different functions like bombarding users with ads or opening multiple tabs while users are browsing the internet.
These apps were reported to Google in May this year and subsequently, Google removed these apps. It is still unclear how many people have downloaded them and are vulnerable to hacks.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)