Google has just deleted around twenty applications that stole Facebook login credentials using the phishing technique. Some of them have been present for at least a year on the Play Store. In total, they have been downloaded more than 2.3 million times.
Again, Google had to clean up its Play Store . Without knowing it, the store always hosts malware and other harmful products that at best slow down Android mobiles or, at worst, steal their data. This time, it was Evina , a French cybersecurity company that raised the hare. At the end of May, it unmasked 25 applications present on the Play Store, some of them for more than a year, which contained malicious code. These applications all came from the same group of hackers and the operating mode was systematically identical.
Under the cover of legitimate functions ( activity tracker , image or video editor, torches, games, utilities …), malicious code came to detect which applications the user had recently opened and especially which was displayed first. plan. The code choice target was mainly Facebook . If the social network application was detected, the application immediately came to superimpose a false Facebook login page with the intention of recovering the user’s identifiers.
A phishing attempt via Facebook
In other words, it was a phishing attempt which, if successful, returned the identifiers to a domain called airshop.pw. It is now inactive. Informed by Evina at the end of May, Google immediately worked to remove from the Play Store the 25 applications that hosted the malicious code, but before that, they had been downloaded more than 2.34 million times.
Again, and despite its efforts to strengthen security, hosting applications concealing malicious code remains a big concern for the internet giant .
You will find the complete list of the 25 applications below. A priori, if you installed them, they have already been automatically deactivated by Google.