Over two dozen Android apps found stealing user data

Evina, a French cybersecurity firm, recently discovered a batch of 25 Android apps masking themselves as games, wallpaper, and other useful programs to get at your private information.

Once a victim downloads one of these apps, it scans the device for other applications. If it finds Facebook, and the malicious software waits for the user to open the social media app.

Once the victim opens Facebook, it triggers the fake app to launch a lookalike browser window over the Facebook login page. If the user puts in the requested login credentials, then the app captures them and ships the details to a remote server.

It’s been a rough year for the Google Play Store, as one study found that nearly 7% of Google Play apps run background actions. Just last month, Google removed 50 apps from the Play Store for excessive adware.

The 25 offending apps were reported to Google in May, and the tech giant swiftly deleted them. However, some of these sneaky apps had been available in the Play Store for a year or more. During that time, roughly 2.3 million Android devices downloaded them.

The list of apps reported to Google for this issue is as follows:

  • Super Wallpapers Flashlight
  • Padenatef • Wallpaper Level
  • Contour Level wallpaper
  • iPlayer & iWallpaper
  • Video Maker
  • Color Wallpapers
  • Pedometer
  • Powerful Flashlight
  • Super Bright Flashlight
  • Super Flashlight
  • Solitaire Game
  • Accurate scanning of QR code
  • Classic card game
  • Junk file cleaning
  • Synthetic Z
  • File Manager
  • Composite Z
  • Screenshot Capture
  • Daily Horoscope Wallpapers
  • Wuxia Reader
  • Plus Weather
  • Anime Live Wallpaper
  • Health Step Counter

If you have any of these apps on your Android device, you should immediately delete it and use a different device to change your Facebook password.