These popular Android apps were secretly scraping Facebook login details

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
52,130
26
pchelpforum.net
Android users have again been warned to up their security awareness after more malicious apps were pulled from the Google Play Store.

Overall, 25 Android apps were removed after they were found to be targeting user Facebook login information, with apps posing as mobile games, video editors, wallpaper apps and fitness trackers.

The malicious apps, some of which had been on the Play Store for more than a year, had been downloaded more than 2.34 million times in total, warned security firm Evina, however users should no longer be at risk thanks to Google's own security protections.

Android security


In its report, Evina noted that the 25 apps all originated from the same cybercrime group, and despite offering some basic functionalities, all in fact hid malicious actions.

The researchers found that the apps contained code that was able to detect recently opened services on the target device, including what apps were open in the foreground and background.

If Facebook was open in the foreground, the malicious app would launch a web browser window containing a fake Facebook login page overlaying on top of the real app, attempting to try and trick users into entering their details into the fake page, which would then send these details off to a remote server.

Evina reported the 25 malicious apps to Google at the end of May, with the search giant taking the apps off the Play Store this week after confirming the findings. Google says it disables any apps removed from the Play Store on any user devices that may have downloaded them, with its Play Protect service notifying affected users of any issues.

The news comes soon after tens of thousands of dangerous Android apps were found to be putting mobile users at heightened risk of fraud and cyberattack, suggesting hackers are consistently able to find ways to get around Google’s vetting system.


Via ZDNet

Continue reading...