A French cybersecurity firm, Evina, says they have found 25 apps on the Google Play Store that steal the Facebook credentials of users. This comes weeks after Google had kicked out some malicious apps that did nothing short of bombarding users with ad pop ups. They (Evina) went ahead to reported these latest discoveries to Google.
Google has taken action by removed these apps from the Play Store. You need to uninstall them too (if you have any installed). According to Evina’s report, these malicious apps have 2.34 million downloads. Interestingly, you all 25 malicious apps come from the same group. This could indicate deliberate intent to cause harm.
How they work
These applications prompt users to authenticate their accounts using Facebook’s authentication. However, the link leads to a fake page that looks like that from Facebook. Here, users would enter their Facebook log in details. However, the browser page and application does not have any link.
In addition to stealing user credentials, some users also complained about ad pop-ups, ad notifications, and other malfunctions on their phones.
Although these apps have been kicked out, you should still check whether these applications are installed on your phone. If they are, you need to uninstall them immediately as they could still be causing some damages.