Google removes 25 apps from the Play Store for phishing Facebook log-in details

By Sameer Mitha | Published on 07 Jul 2020

French cyber-security agency Evina reported the 25 malicious apps to Google.

A faux login page was created by the apps on top of the actual Facebook login page to gain this data.

Some of these apps have been on the Play Store for about a year.

Google removes 25 apps from the Play Store for phishing Facebook log-in details
Google removes 25 apps from the Play Store for phishing Facebook log-in details

Want to modernise your banking loan application?

Build an application that analyses credit risk with #IBMCloud Pak for Data on #RedHat #OpenShift

Click here to know more


Google has removed 25 apps from the play store that were phishing users Facebook login details. It is common for users to log in to some apps using their Facebook account. However, these apps got the users credentials by creating a faux login page on top of the actual Facebook login page. French cyber-security agency Evina was the one to report on these apps to Google. 

According to XDADevelopers, “The malicious elements were disguised by legit functionality in these apps. Evina notes that these apps were masquerading as wallpaper apps, image and video editors, flashlight apps, games, and file managers on the Google Play Store.” To put things into perspective, these malicious apps were downloaded more than 2.4 million times. 

ZDNet reports that the French cyber-security agency Evina reported on these malicious apps in may. Some of these apps have more than 5,00,000+ downloads from the Play Store. Some of the apps include Super Wallpapers Flashlight, Wallpaper Level, Video Maker, Super Bright Flashlight, Solitaire Game, File Manager and more. You can check out the complete list of apps here

In the recent past, we have seen cybercriminals take advantage of serious situations like the COVID-19 pandemic to steal users data. With the rate at which information spreads today, it doesn't take long for users to receive an email that reads, “the vaccine for Coronavirus is finally here. Click here to know more.” In a state of panic to know whether the cure is real, you click on the link and without realizing it, you are subject to a phishing, malware or ransomware attack. You can read more about phishing and cyber-attacks here

There are also times when malicious activity is broken up into multiple apps to avoid detection. For example, when you download a flashlight app, you are prompted to download a game or a file manager app. If you do, it is possible that part of the malicious code is in the flashlight app and the other half in the fine manager app and when both are downloaded, the malware is on your smartphone. Users should be careful of not only the apps they download but the links they click on as well.

Sameer Mitha

Sameer Mitha lives for gaming and technology is his muse. When he isn’t busy playing with gadgets or video games he delves into the world of fantasy novels.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry. Protection Status