Google Removed 25 Android Apps That Were Phishing Facebook Credentials

Evil Android

Google is one of the largest tech companies on the web, and it has Google Play store which is one of the biggest app stores in the world, if not the largest.

With millions of apps available for Android users to download, Google is certainly easing the life of many of its users. Unfortunately, certain easiness comes with some sneaky and malicious intent.

And this is what French security company Evina has discovered.

The company found 25 apps in the Google Play Store that were malicious. While the apps did provide the functionality they were supposed to, they also had malicious code inside of them to show fake Facebook Authentication pages on top of the actual Facebook’s login page.

This fake page prompts users into entering their Facebook credentials, which will then be retrieved using JavaScript to be sent to the malicious actors' server.

And besides stealing users' Facebook credentials, the apps also show annoying pop-ups on infected phone, ad notifications and other glitches.

In other words, the apps that cover a range of categories, from flashlights to image-video editors, not only were phishing for users' credentials, as they were also intrusive.

Making things worse, some of the apps have been on the store for a year or so, and have had a lot of people download them.

On its report page, Evina wrote that:

"New ways of perpetrating fraud are regularly brought to the attention of our cybersecurity experts and we recently discovered new malware that steals Facebook logins."

"This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate. The malware was embedded in a large number of popular apps."

Phishing is nothing new.

As a matter of fact, the method is one of the oldest ways of getting someone's credentials.

Google on its own is already taking bold steps to stop malware and malicious apps from getting to its Play Store. For quite some times, the company has put security as a priority when scrutinizing apps.

But every now and then, even after Google became more rigorous with Google Play Protect and the App Defense Alliance, some apps could still slip through the cracks and went unnoticed.

And given that Google Play Store is a trusted source, it can be difficult for end-users to protect themselves.

List of the 25 apps that were phishing users' Facebook credentials
List of the 25 apps that were phishing users' Facebook credentials. (Credit: Evina)

Evina continued by saying that:

"Internet-based fraud has become so pervasive that sometimes it seems as if everyone you meet has, at some time or another, been a victim of digital fraud. Often when one is targeted by online fraudsters, the first reaction is ‘why me?’"

"Rest assured that we are all in the same boat and while it is normal for the victim to think they have been specifically targeted, we are actually all targets. Furthermore, we must highlight that victims should never be blamed for the criminal actions of others."

"Fraudsters are everywhere and they are not confined to the DCB sector. They lurk in every nook and cranny of the web and it is the job of experts like Evina to flush them out. Our clients are very helpful in this regard. They regularly provide us with valuable information that helps us lift the lid on what you could call the digital fraud of the day."

Evina also stressed that "victims are not culprits: the app developer, the app store and all other legitimate players involved are simply innocent victims of fraudsters and their malware."

Following Evina's report, Google has removed the apps from the Google Play Store.

Users however, are still required to check whether or not they have any of the malicious apps installed on their phone, and need to uninstall them if present.

To prevent phishing scams in the future, users can install anti-malware apps on their phone, and protect important accounts such as Google Account and Facebook Account with two-factor authentication.

Related: These Android Malware Together Can Steal Social Media Cookies, Researchers Found