We wanted to tell you this week about 25 different apps that were just removed from Google Play Store. These apps were all caught stealing Facebook information that was entered, such as login credentials. The apps were on Google Play long enough to amass over 2.3 million downloads collectively, which is pretty significant. Read on to learn more details about the apps involved and what exactly these apps were doing that was malicious.
25 Apps Removed from Google Play After Stealing Facebook Login Credentials
Google just removed 25 apps that were on Google Play Store after it was discovered these apps were stealing Facebook login credentials. The apps had been downloaded over 2.3 million times combined and that’s a huge problem. Evina was the cyber-security firm that discovered these threats, which were then shared with Google. The apps themselves all had legitimate functionality, but the issue was that these apps contained malicious codes.
These apps could tell which app someone had opened up recently and also which apps were in the foreground. All of these apps were developed by the same group, offered different features, but all worked the same in terms of coding and development. Apps that were caught stealing Facebook login credentials included Wallpaper Level, Padenatef, Super Wallpapers Flashlight, Video Maker, and Contour Level Wallpaper.
Color Wallpapers, Pedometer, iPlayer & iWallpaper, Powerful Flashlight, and Super Bright Flashlight were also named. Other apps included in this ban were Solitaire Game, Super Flashlight, File Manager, Classic Card Game, Junk File Cleaning, and Synthetic Z. Accurate Scanning of QR Code, Health Step Counter, Composite Z, Anime Live Wallpaper, Daily Horoscope Wallpapers, Screenshot Capture, Plus Weather, and Wuxia Reader also were part of this ban. When you think about it, it seems like wallpaper apps and file manager or cleaning apps are often found to be malicious.
These Android Apps Were Stealthy At Stealing Facebook Credentials
When it comes to how these apps were all able to steal Facebook login credentials, it actually was pretty simple and stealthy. The app basically would overlay a fake web browsing window right over the top of the actual Facebook app. There would be a fake Facebook login screen that would show up, which is where you entered your login credentials instead of the real Facebook page.
This was a phishing page and if you entered your information, the apps would then send this data to a remote server. The data was always logged and saved into this server, which meant hackers could then use your login details for Facebook. Once this information was found by the security researchers, they told Google about it.
After verifying the apps were malicious, Google quickly removed them. The main problem is that some of these apps were on Google Play Store for over a year. That’s actually a long time and could mean that many Facebook accounts have been compromised by these malicious apps.
Were You Using Any of the Above Mentioned Apps Stealing Facebook Login Credentials?
The only good news in all of this is that if you have one of these apps on your device, Google will disable that app and then use Google Play Protect to notify you of the issue. If you do have one of the apps still on your device, you should just delete the app.
Although the app won’t work on your device at this point in time, it’s still important to delete it from your device. Even if you don’t have a real Facebook account and use a fake one, it’s still a good idea to get rid of the app and watch out for any spam or issues with your account.
In the comments below, we want to know whether or not you’ve used any of the apps mentioned as being a malicious app stealing Facebook login credentials. Do you think that Google is doing enough to protect you and your device? Are you someone that relies on Google Play and Play Protect to keep you safe when downloading apps? What other apps have you used that were later found to be malicious in some way? Are you comfortable with using apps in Google Play Store considering how many malicious apps end up on the site even though it’s supposed to weed out fake apps?