These 25 Android Apps were Secretly Stealing Facebook Passwords

They were disguised as wallpaper programs and card games.
Photo/s: Rami Al-zayat via Unsplash

A handful of mobile applications were recently removed from Google Play Store for harvesting Facebook login credentials.

Cybersecurity firm Evina detected the 25 malicious programs, which were hidden as wallpaper apps and card games, among others. Unfortunately, the new malware had already been downloaded a total of 2.34 million times.

Check out the list:


Evina explained how these apps steal FB information: "When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time.

"The browser is displayed in the foreground which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes java script to retrieve them. The malware then sends your account information to a server."

See Also

Recommended Videos

No need to worry, though, as the French agency was able to reverse-engineer the malware to protect their end-users. Also, Google pulling the apps from Play Store automatically disables the program on user devices.

Evina Chief Technology Officer Lionel Ferri said, "It's a fraudulent technique that points out the danger and reflects how important it is to protect yourself. It can not be identified by Facebook as the malware displays in front of the legit app when it is launched."

Latest Headlines
Recent News