A handful of mobile applications were recently removed from Google Play Store for harvesting Facebook login credentials.
Cybersecurity firm Evina detected the 25 malicious programs, which were hidden as wallpaper apps and card games, among others. Unfortunately, the new malware had already been downloaded a total of 2.34 million times.
Check out the list:
Evina explained how these apps steal FB information: "When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time.
"The browser is displayed in the foreground which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes java script to retrieve them. The malware then sends your account information to a server."
No need to worry, though, as the French agency was able to reverse-engineer the malware to protect their end-users. Also, Google pulling the apps from Play Store automatically disables the program on user devices.
Evina Chief Technology Officer Lionel Ferri said, "It's a fraudulent technique that points out the danger and reflects how important it is to protect yourself. It can not be identified by Facebook as the malware displays in front of the legit app when it is launched."
