These popular Android apps were secretly scraping Facebook login details

Android users have again been warned to up their security awareness after more malicious apps were pulled from the Google Play Store.

Overall, 25 Android apps were removed after they were found to be targeting user Facebook login information, with apps posing as mobile games, video editors, wallpaper apps and fitness trackers.

The malicious apps, some of which had been on the Play Store for more than a year, had been downloaded more than 2.34 million times in total, security firm Evina warned. However, users should no longer be at risk thanks to Google's own security protections.

Android security

In its report, Evina noted that the 25 apps all originated from the same cybercrime group and that, despite offering some basic functionality, all of them hid malicious actions.

The researchers found that the apps contained code that was able to detect recently opened services on the target device, including which apps were open in the foreground and background.

If Facebook was open in the foreground, the malicious app would launch a web browser window containing a fake Facebook login page, overlaid on top of the real app, to trick users into entering their details. The fake page would then send these details to a remote server.

Evina reported the 25 malicious apps to Google at the end of May, with the search giant taking the apps off the Play Store this week after confirming the findings. Google says it disables any apps removed from the Play Store on any user devices that may have downloaded them, with its Play Protect service notifying affected users of any issues.

The news comes soon after tens of thousands of dangerous Android apps were found to be putting mobile users at heightened risk of fraud and cyberattack, suggesting hackers are consistently able to find ways to get around Google’s vetting system.

Via ZDNet