Findings published by a French cybersecurity company Evina have revealed that 25 apps found on the Google Play Store contain malicious malware that tries to steal your Facebook login information. According to the researchers, Google has “shut down” these applications and removed them from the store—however, it’s important to check if you have unknowingly downloaded any of the reported apps on your Android smartphone.
Evina published a list of 25 different apps, ranging from wallpaper apps to video editors, but they all contain the same malicious code that compromises your privacy (specifically, your Facebook account). As more and more users rely on mobile devices as important cruxes of personal, social, and even professional lives, it is essential that users remove these apps to protect their information.
Additionally, Facebook offers users a “sign in with Facebook” option for supported platforms, so this breach in privacy could have even more dire consequences besides Facebook.
How does the malware work?
In a way, the malware works as a phishing campaign of sorts. When you launch a Facebook-supported app on your phone (that isn’t the offending malware-infested app), the malware will launch a browser with a fake Facebook login page.
Based on screenshots (above), the browser pops up in front of your display, which misleads users into believing that the application triggered a login page. Once your information has been input on the page, the malware then retrieves your details and sends them over to the attackers’ server.
The apps should be automatically deleted from your library once you’ve synced with Google Play, but you should still do a quick search to be sure. The full list of offending apps is as follows:
To protect yourselves against other similar scams or malware, there are a few things you can do. Firstly, only input your personal information on official apps and websites, and ensure that webpage logins are authentic before proceeding. Additionally, setup Two-Factor Authentication (2FA) where possible, so that there is an additional layer of protection if someone manages to retrieve your login credentials.
And as always, remember to only download apps from publishers that you trust. If you want to try something new, it’s a good idea to always go through the reviews of an app first.
Source: Soya Cincau