Google has removed 25 apps from the play store that were phishing users Facebook login details. It is common for users to log in to some apps using their Facebook account. However, these apps got the users credentials by creating a faux login page on top of the actual Facebook login page. French cyber-security agency Evina was the one to report on these apps to Google.
According to XDADevelopers, “The malicious elements were disguised by legit functionality in these apps. Evina notes that these apps were masquerading as wallpaper apps, image and video editors, flashlight apps, games, and file managers on the Google Play Store.” To put things into perspective, these malicious apps were downloaded more than 2.4 million times.
ZDNet reports that the French cyber-security agency Evina reported on these malicious apps in may. Some of these apps have more than 5,00,000+ downloads from the Play Store. Some of the apps include Super Wallpapers Flashlight, Wallpaper Level, Video Maker, Super Bright Flashlight, Solitaire Game, File Manager and more. You can check out the complete list of apps here.
In the recent past, we have seen cybercriminals take advantage of serious situations like the COVID-19 pandemic to steal users data. With the rate at which information spreads today, it doesn't take long for users to receive an email that reads, “the vaccine for Coronavirus is finally here. Click here to know more.” In a state of panic to know whether the cure is real, you click on the link and without realizing it, you are subject to a phishing, malware or ransomware attack. You can read more about phishing and cyber-attacks here.
There are also times when malicious activity is broken up into multiple apps to avoid detection. For example, when you download a flashlight app, you are prompted to download a game or a file manager app. If you do, it is possible that part of the malicious code is in the flashlight app and the other half in the fine manager app and when both are downloaded, the malware is on your smartphone. Users should be careful of not only the apps they download but the links they click on as well.