A report by cybersecurity researchers at Evina has warned us about 25 dangerous applications that can steal your Facebook login details.
Image: Evina |
Google has already removed these apps from the Play Store and Android users are advised to do the same. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to ZDNet, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games(which work fine) but actually contained malicious content. Which would be activated once the app was installed at the right time.
The apps have the ability to mimic the popular social media site and overlay a web browser window on top of the official Facebook app. The overlayed page is very difficult to spot since it is so identical to the original, tricking users into entering their user names and passwords which are sent to hackers to use at a later date.
Lionel Ferri, Evina CTO said that the malware can not be identified by Facebook as the malware displays in front of the legit app when it is launched. The good news is that the apps were reported and deleted from the Play Store at the end of May. However, some of the applications had actually been available to download for over a year and had amassed over 2.3 million downloads.
Here is a list of the 25 Apps:
- Super Wallpapers Flashlight
- Padenatef
- Wallpaper Level
- Contour Level Wallpaper
- iPlayer & iWallpaper
- Video Maker
- Color Wallpapers
- Pedometer
- Powerful Flashlight
- Super Bright Flashlight
- Super Flashlight
- Solitaire Game
- Accurate Scanning of QR Code
- Classic Card Game
- Junk File Cleaning
- Synthetic Z
- File Manager
- Composite Z
- Screenshot Capture
- Daily Horoscope Wallpapers
- Wuxia Reader
- Plus Weather
- Anime Live Wallpaper
- iHealth Step Counter
- com.tqyapp.fiction
Image: Evina |