Google is claimed to have eliminated 25 apps from its Google Play retailer that had been caught stealing Fb credentials. In accordance with the French cyber-security agency, Evina, these malicious apps collectively had over 25 lakh downloads. The apps reportedly provided totally different functionalities, although they used the identical methodology for extracting customers’ credentials. A few of the apps had been obtainable on the Google Play retailer for over two years earlier than they had been lastly eliminated, the cyber-security agency highlighted.
The findings had been revealed in a weblog submit by Evina and had been first reported by ZDNet. Google eliminated the apps earlier in June after the cyber-security agency reported its potential menace in Might this yr. Most of those malicious apps provided new wallpapers, whereas others offered video enhancing instruments and flashlight instruments. Apps similar to Tremendous Wallpapers Flashlight and Padenatef had over 5 lakh downloads every on Google Play.
How did the apps steal Fb credentials?
In accordance with Evina, as soon as the person launched the contentious app on their smartphone, the malicious app detected what app a person not too long ago opened and had within the telephone’s foreground. “If it’s a Fb software, the malware will launch a browser that hundreds Fb on the similar time. The browser is displayed within the foreground which makes you suppose that the applying launched it,” the cyber-security agency explains.
As soon as the person put their Fb login particulars on the phishing web page (which encompasses a black bar as an alternative of a blue bar of the unique Fb app), the malicious then despatched the credentials to a distant server. This might doubtlessly enable attackers to entry all knowledge saved on the Fb account and even enable them to entry different web sites the place customers’ have logged in through their Fb account.
Evina, nonetheless, has not clarified how these malicious prevented detection by Google’s Play Safety service. The total record of those malicious Android apps is listed on Evina’s web site.
ZDNet citing the cyber-security agency notes that all the 25 malicious apps had been developed by a single menace group.
Read More Tech News
