The cyber-security agency of France, Evina, recently reported that 25 malicious Android apps were found red-handed for stealing the Facebook credentials of the user. These are mostly wallpaper apps, image and video editors, flashlight apps, games, and file managers.

 

Though those 25 apps were collectively downloaded more than 2.34 million times, Google removed those from the Pay Store to safeguard user's accounts from such a phishing attack. Do you have those apps on your smartphone? Time to act now and remove them immediately.

 

Here's a list of 25 apps that Google removed from Play Store for stealing Facebook credentials

 

Here is the list of 25 apps that were found stealing users credentials by executing a malicious code to detect which app the user recently opened:

 

Application NamePackage Name
Super Wallpapers Flashlightcom.wallpaper.flashlight.compass
Padenatefcom.sun.newjbq.beijing.ten
Wallpaper Levelcom.liapp.level
Contour level wallpapercom.communication.walllevel
iPlayer & iWallpapercom.ldl.videoedit.iwallpapers
Video Makercom.androidapp.videosedit.v
Color Wallpaperscom.play.ljj.wallpapercomapss
Pedometercom.baidu.news.pedometer
Powerful Flashlightcom.meituanybw.flash
Super Bright Flashlightcom.tqyapp.sb.flashlight
Super Flashlightcom.superapp.xincheng
Solitaire Gamecom.game.tqsolitaire
Accurate scanning of Meadecom.tqyapp.qr
Classic card gamecom.card.solitairenew
Junk file cleaningcom.xdapp.cleaning
Synthetic Zcom.tqygame.synthetic
File Managercom.smt.filemanager
Composite Zcom.game.hcz
Screenshot Capturecom.tianqiyang.lww.screenedit
Daily Horoscope Wallpaperscom.tianqiyang.lww.constellation
Wuxia Readercom.wuxia.reader
Plus Weathercom.plus.android.weather
Anime Live Wallpapercom.tqyapp.chuangtai
iHealth Step Countercom.tiantian.lang.tencent
com.tgyapp.fictioncom.tgyapp.fiction

 

 

According to Evina, once an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you think that the application launched it.

 

When you enter your credentials into this browser, the malware executes javascript to retrieve them. The malware then sends your account information to a server.

 

After the malicious execution discovered in early June, Google removed them from the Play Store, disabled them on users' smartphones, and informed the user through the Play Protect feature.

 

If you have those applications still running on your phone, it's time for you to remove them manually, and you should perform this immediately.

 

 

Have a question? Or, a comment? Let's Discuss it below...

Thank you for visiting our website!

We value your engagement and would love to hear your thoughts. Don't forget to leave a comment below to share your feedback, opinions, or questions.

We believe in fostering an interactive and inclusive community, and your comments play a crucial role in creating that environment.