25 Android Apps Steal Facebook Passwords

John Lister's picture

Google has removed 25 malicious Android apps which tried to steal user Facebook logins. As always, it's worth checking devices to see if these apps are installed, because they won't automatically uninstall from phones even being ousted from the Play Store.

This particular batch of apps didn't have a common subject, but each promised to carry out a basic function, including: a flashlight, file cleaner, or card game.

Hidden deep inside each app was malicious software that ran behind the scenes. The malware came alive each time an app was opened on the phone, specifically checking to see if the user launched the Facebook app.

If so, the malware would instantly load a web browser that would appear in the foreground of the screen - in front of the real Facebook app. The web browser would contain a close replica of the real Facebook app's login screen.

Scammers Search for Personal Data

Victims would then assume they needed to login again and type in their user name and password. The collected information was then sent to a server with a domain name issued in the Pacific island nation of Palau, though this is likely not the physical location of the malware operators.

Stealing Facebook access not only allows the scammers to access personal data and even personal messages that could aid identity theft, but also offers a way to quickly spread malicious links to the user's online friends who might not realize the account had been compromised. The scammers may also sell the login details on the black market.

The nature of the attack likely means the scammers are simply playing the numbers game to target as many victims as possible, rather than to go after specific individuals with high worth or access to sensitive data.

Full List Of Rogue Apps

Evina, the company which spotted the scam, points out that Facebook itself likely has no way to identify when the malware is running. One way to limit the effect is to switch on two-factor authentication. That makes it harder for scammers to access a Facebook account, even if they have the login details but don't have access to the user's devices. (Source: lifehacker.com)

After learning of the rogue apps, Google deleted them from the Play Store, but they may still remain on user's devices.

The apps to look for are titled:

  • Accurate Scanning of QR Code
  • Anime Live Wallpaper
  • Classic Card Game
  • Color Wallpapers
  • com.tqyapp.fiction
  • Composite Z
  • Contour Level Wallpaper
  • Daily Horoscope Wallpapers
  • File Manager
  • iHealth Step Counter
  • iPlayer & iWallpaper
  • Junk File Cleaning
  • Padenatef
  • Pedometer
  • Plus Weather
  • Powerful Flashlight
  • Screenshot Capture
  • Solitaire Game
  • Super Bright Flashlight
  • Super Flashlight
  • Super Wallpapers Flashlight
  • Synthetic Z
  • Video Maker
  • Wallpaper Level
  • Wuxia Reader

What's Your Opinion?

How do you decide what apps to install on your mobile device? Do you think you'd fall for this scam? Should Google offer the option to automatically remove apps from your device if they are deleted from the Play Store on security grounds?

Rate this article: 
Average: 5 (9 votes)

Comments

stykman_2422's picture

How do we know if a similarly named app is a guilty party? For instance, I have two games on my phone called Solitaire. I guess I'll have to see if they update on Google Play. Google should at least warn if apps have a security problem.