Google has reportedly removed 25 applications from its Play Store after French cyber-security firm Evina claimed that they stole Facebook credentials of users. The firm even mentioned that by the time they were taken down, these 25 apps were downloaded some 2.34 million times in total. Also mentioned was that these apps were created by the same group, reported Hindustan Times.
And while all of them seemed different in offerings and features, they served the same purpose under the hood. These apps were from different genres, as reported by ZDnet. While some were step counters, image editors, video editor apps, others were wallpaper apps, flashlight applications, file managers, and mobile games.
Here is the list of apps that have now been removed from the Google Play Store:
Super Wallpapers Flashlight
Contour level wallpaper
Iplayer & iwallpaper
Super Bright Flashlight
Accurate scanning of QR code
Classic card game
Junk file cleaning
Daily Horoscope Wallpapers
Anime Live Wallpaper
iHealth step counter
Out of these, Super Wallpapers Flashlight and Padenatef were the only apps that were downloaded 500,000 times. Most were downloaded 100,000 times while the last three were downloaded roughly 100 times.
These apps included malicious code that detected which app is opened in the background and foreground. If it was Facebook, the malicious app will show an overlaid web browser window on top of the Facebook app and load the fake login page. The user then gives his/her credentials thinking of it as a legit page.
All these apps were reported to Google in May and the company removed these apps earlier this month. Although the Play Store is now slightly more secure with these apps gone, what however still remains a question is that despite Google’s stringent processes of approving apps, how are such app still making their way to the Play Store.