Jump to content
Login new information ×
Login new information

Google removes 25 Android apps caught stealing Facebook credentials

zanderthunder

By zanderthunder
in Security & Privacy News

Recommended Posts

zanderthunder

zanderthunder

Posted
Posted

The malicious apps were downloaded more than 2.34 million times.

 

apps-stealing-facebook-credentials.png

 

Google has removed this month 25 Android applications from the Google Play Store that were caught stealing Facebook credentials.

Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times.

 

The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same.

 

According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games.

 

The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what app a user recently opened and had in the phone's foreground.

 

If the app was Facebook, the malicious app would overlay a web browser window on top of the official Facebook app and load a fake Facebook login page (see image below: blue bar = actual Facebook app, black bar = phishing page).

 

facebook-phishing-page.png

 

If users entered credentials on this phishing page, the malicious app would log the data and send it to a remote server located at (the now-defunct) airshop.pw domain.

 

Evina said it found the malicious code that stole Facebook credentials in 25 apps they reported to Google at the end of May. Google removed the apps earlier this month, after verifying the French security firm's findings. Some of the apps had been available on the Play Store for more than a year before they were removed.

 

The full list of 25 apps, their names, and package ID, are listed below. When Google removes malicious apps from the Google Store, the company also disables the apps on a user's devices and notifies users via the Play Protect service included with the official Play Store app.

 

apps-stealing-fb-creds.png

 

Source: Google removes 25 Android apps caught stealing Facebook credentials (via ZDNet)

Link to comment
Share on other sites
  • Replies 2
  • Views 646
  • Created
  • Last Reply
Ryrynz

Ryrynz

Posted
Posted

And these stores are meant to be a safe place to install apps from.. One app was on the marketplace for two years! WTF Google, review the apps on the app store before publishing them.

Link to comment
Share on other sites
zanderthunder

zanderthunder

Posted
  • Author
Posted
2 hours ago, Ryrynz said:

And these stores are meant to be a safe place to install apps from.. One app was on the marketplace for two years! WTF Google, review the apps on the app store before publishing them.

And surprisingly, the app is able to pass Google's rigid Play Protect as well.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...