Google is said to have removed 25 apps from its Google Play store that were caught stealing Facebook credentials.
According to French information-security firm Evina (via ZDNet), the apps amassed over 2.34 million downloads before they were removed from the Play Store in early June.
The programs were disguised as games, flashlights, wallpapers, editing software, QR scanners, step counters, file managers, and more. The apps did perform these functions, but the researchers found that they also monitored which app was in the foreground and watched for the Facebook app.
When Facebook came to the front, the malicious app opened a browser window loading the Facebook login page on top of it, so that the login prompt appeared to come from Facebook itself, and then harvested whatever credentials the user typed into that page.
“When an application is launched on your phone, the malware queries the application name,” the security researchers explained in a blog post. “If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes JavaScript to retrieve them. The malware then sends your account information to a server.”
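The behaviour Evina describes (watch for Facebook in the foreground, pop a browser over it, run script against the loaded page, send the result out) leaves a recognisable footprint in an APK. The following triage script is an added example written for this article, not code from Evina or from the malicious apps; it scores an app from its decoded AndroidManifest.xml and the string constants pulled from its code (as apktool or `strings` over classes.dex would give you). Which permissions and APIs such an app needs, and the `email`/`pass` field ids it would read from the Facebook login form, are my assumptions about this class of malware, not details from the report; the two sample apps are constructed.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Indicator sets. Assumption: these are the Android permissions and APIs an app
# would typically need for the behaviour described in the article (learn which
# app is in the foreground, show a browser/WebView over it, run JavaScript in
# that page, send the result out). They are not taken from the Evina report.
FOREGROUND_PERMISSIONS = {
    "android.permission.PACKAGE_USAGE_STATS",  # UsageStatsManager (API 21+)
    "android.permission.GET_TASKS",            # legacy getRunningTasks()
}
OVERLAY_PERMISSIONS = {"android.permission.SYSTEM_ALERT_WINDOW"}
NETWORK_PERMISSIONS = {"android.permission.INTERNET"}

FOREGROUND_APIS = ("UsageStatsManager", "queryUsageStats",
                   "getRunningAppProcesses", "getRunningTasks")
WEBVIEW_JS_APIS = ("setJavaScriptEnabled", "evaluateJavascript",
                   "addJavascriptInterface")
FACEBOOK_REF = re.compile(r"facebook\.com|com\.facebook\.katana", re.I)
# Script that reads the login form's email/password inputs. The ids "email"
# and "pass" are an assumption about the Facebook login page markup.
CREDENTIAL_JS = re.compile(r"getElementById\(['\"](?:email|pass)['\"]\)", re.I)


def manifest_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}


def triage(manifest_xml, strings):
    """Score one app from its manifest and its extracted string constants."""
    perms = manifest_permissions(manifest_xml)
    blob = "\n".join(strings)
    f = {
        "foreground_app_query": bool(perms & FOREGROUND_PERMISSIONS)
        or any(api in blob for api in FOREGROUND_APIS),
        "overlay_capable": bool(perms & OVERLAY_PERMISSIONS),
        "webview_javascript": any(api in blob for api in WEBVIEW_JS_APIS),
        "references_facebook": bool(FACEBOOK_REF.search(blob)),
        "credential_scraping_js": bool(CREDENTIAL_JS.search(blob)),
        "can_exfiltrate": bool(perms & NETWORK_PERMISSIONS),
    }
    # INTERNET plus a JavaScript-enabled WebView is normal for an ad-supported
    # app. What is not normal for a flashlight is watching for Facebook in the
    # foreground and then running script against a Facebook page.
    f["verdict"] = ("suspicious"
                    if f["foreground_app_query"] and f["references_facebook"]
                    and f["webview_javascript"] and f["can_exfiltrate"]
                    else "no-match")
    return f


# Constructed sample 1: a "flashlight" with the footprint described above.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""
SUSPICIOUS_STRINGS = [
    "Landroid/app/usage/UsageStatsManager;",
    "com.facebook.katana",
    "https://m.facebook.com/login.php",
    "setJavaScriptEnabled",
    "evaluateJavascript",
    "document.getElementById('email').value",
    "document.getElementById('pass').value",
    "https://collector.example.invalid/upload",   # constructed exfil endpoint
]

# Constructed sample 2: an ordinary ad-supported flashlight (WebView for ads).
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""
BENIGN_STRINGS = ["setJavaScriptEnabled", "https://ads.example.invalid/sdk",
                  "Flashlight on"]

if __name__ == "__main__":
    for name, m, s in (("flashlight", SUSPICIOUS_MANIFEST, SUSPICIOUS_STRINGS),
                       ("torch", BENIGN_MANIFEST, BENIGN_STRINGS)):
        print(name, triage(m, s))
```

The verdict deliberately requires the foreground query, the Facebook reference, the JavaScript-enabled browser surface and network access together; any one of them on its own is common in legitimate apps, and the overlay permission and the credential-reading script are reported separately as corroborating evidence rather than required, since the article does not say exactly how the browser was placed in front.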
Evina’s researchers wrote: “This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate.”
The apps also bombarded users with ads and opened new web-browser tabs, according to angry user reviews on Google Play that were captured by Evina. It’s not clear how many users ended up having their Facebook credentials stolen.
Evina discovered these 25 malicious apps and reported them to Google at the end of May. After verifying the firm’s findings, Google removed the apps from the Play Store earlier this month. Removal from the store does not by itself uninstall an app that is already on a device, so anyone who installed one of them should remove it and change their Facebook password.