Google Play removes 25 apps that steal Facebook credentials from users: Avina: Avina, a cyber-security firm, noted that these 25 apps collectively had more than 2.5 million downloads. Google is said to have removed 25 apps from its Google Play store that were caught stealing Facebook’s credibility. According to French cyber-security firm Avina, these malicious apps collectively had more than 2.5 million downloads.
Also see : If you’re interested in earning money online click Here
The application reportedly offered various functionalities, although they used the same method to extract users’ credibility. Some apps were already available on the Google Play store for over two years, which were eventually dropped by the cybersecurity firm.
Also see: Google calendar Click Here
The findings were published in a blog post by Avina and first reported by ZDNet. In May this year, Google removed earlier apps in June after the cybersecurity firm reported a potential threat. Most of these malicious apps introduced new wallpapers, while others provided video editing tools and flashlight tools. Apps like Super Wallpaper Torch and PadNetuff on Google Play had over 5 lakh downloads.
How apps steal Facebook credentials?
According to Avina, once the user launched the controversial app on their smartphone, the malicious app detected which app the user recently opened and is in the foreground of the phone. The cybersecurity firm states, “If it is a Facebook application, the malware will launch a browser loading Facebook at the same time. The browser appears in the foreground, making you think the application has launched it.”
Once the user enters their Facebook login details on the phishing page (which features a black bar instead of the blue bar of the original Facebook app), the malicious sends credentials to a remote server. This could potentially allow attackers to access all data stored on the Facebook account or even allow them to access other websites where users have logged in with their Facebook account.
Also see: Lock cells in google sheets click Here
Avina, however, has not clarified how these malicious apps prevent detection by Google’s Play Protection service. The complete list of these malicious Android apps is listed on Avina’s website.
ZDNet quoted the cyber-security firm as saying that all 25 malicious apps were developed by the same threat group.