Source: Financial Express
Just when you think that your favorite app or social media platform is safe from intruding eyes and malicious intent, there emerges news of yet another data leak or cyber crime. Now it is the turn of Google to admit that 25 applications found on its Play Store had been stealing user credentials from the Facebook app.
Google has since announced that as many as 25 such Android applications have been removed from the Google Play Store though the damage is already done for 2.34 million users who had downloaded one or more of these apps. Which brings us to the question of whether Google and Apple need to further tighten their app approval processes. But, that’s a topic for another time.
In the present case, it appears as though these malicious apps were developed by the same group of app makers and were built to offer diverse sets of features. However, beneath the hood these apps worked in the same fashion, says a report published by ZDNet which quotes French cybersecurity experts at Evina.
The apps often posed as image editors, video editors, wallpaper apps, flashlight applications, file managers, mobile games and step counters. We urge readers to immediate pause and take a look at their Android phones to check if they had downloaded any of the below named apps:
Superwallpapers flashlight | Padenatef | Wallpaper Level |
Contour Level Wallpaper | iPlayer & iWallpaper | Video Maker |
Colour Wallpapers | Pedometer | Powerful Flashlight |
Super Bright Flashlight | Super Flashlight | Solitaire Game |
Accurate scanning of QR code | Classic Card Game | Junk File Cleaning |
Synthetic Z | File Manager | Composite Z |
Screenshot Capture | Wuxia Reader | Plus Weather |
Daily Horoscope Wallpapers | Anime Live Wallpapers | iHealth Step Counter |
com.tqyapp.fiction |
We hope none of the above apps are part of your Android devices now. For, if they are still there, they could still be attempting to steal your Facebook credentials and other stuff because even though Google Play Store has removed these malicious apps, those who downloaded them need to physically remove them from their devices.
The apps offered legitimate functionalities while using malicious code to lop off data related to user credentials. In fact, these malware-infected apps could detect what apps you opened recently and had in the phone’s foreground. If it happened to be Facebook, it would overlay a web browser window on top of the Facebook app, load a fake login page and then steal creds.
Innovation is the name of the game not just with the good guys on the world wide web!