Google has deleted 25 apps from its Play Store that have been stealing Facebook credentials. This is in the light of improving user protection and security on a number of its apps which the tech giant promise to do recently. According to the French cyber-security company, Evina, users have already downloaded these malicious apps for over 2.5 million downloads.
The apps offered a variety of functions for users but used the same method for extracting data from users. A number of these apps had been available on Play Store for almost two years before Google finally took them down.
How Those Malicious Apps Steals Users’ Facebook Credentials
According to Evina, once the malicious app was launched on the victim’s device, the app will detect what application is currently running and the other apps in the user’s foreground. If the app is a Facebook application, the malware will launch a browser that loads Facebook at the same time, this browser is seen in the foreground, making you believe that the Facebook application launched it.
One you inputs your Facebook login details into the phishing page, the malicious app then sends the your credentials to a remote server. This could let hackers and other individuals access all data stored in the Facebook account.
Most of these apps offered new wallpapers, with a number of others providing video editing tools.
It is still unclear how exactly some of these apps were able to evade detection by Google Play Store Protection service this long but it is a relief that they are finally off the platform.