Remove These 25 Android Apps That Steal Facebook Logins

1
Remove These 25 Android Apps That Steal Facebook Logins

Google has removed 25 malicious apps from the Google Play Store after the French cybersecurity firm Evina discovered they contained Facebook-hacking malware. That means it’s time once again to check your Android device to make sure you didn’t foolishly (or accidentally) install a crappy app.

The list of apps includes flashlight tools, pedometers, image editors and more, but they’re all basically the same app. Sure, they all perform their different features as advertised, and they look different on the surface, but they all contain the same malicious code built to steal your Facebook login information.

The bad-news apps would check if the Facebook app was open in the background, then sneak a browser tab with a fake Facebook login page into the open background app’s window, enticing you to fill in your info. The fake page would copy your login and password and send them to a remote server that has since been shut down.

Here’s the list of removed apps from Evina’s report:

Image: Evina Image: Evina

Apps removed from Google Play should enabling two-factor authentication is always a good bet — right away.

Normally I’d make sure to remind folks to check those app permissions to make sure there’s nothing sketchy happening under the hood, but these apps were suckering users with fake Facebook login pages rather than doing anything untoward behind the scenes. That said, checking app permissions before installing is crucial to data security, but you can’t drop your guard just because the permissions seem fine.

Plenty of malware apps and phishing campaigns try to steal your social media account info with fake login pages. The safest strategy is to only log in through a social media platform’s official app.

However, if for some reason you do need to log in via a web browser, confirm the page is legit first. Check everything — the URL, images, layout, text, even the colour of the page when you view all tabs. If they don’t match, then it’s a fake.

That’s why having extra layers of security on all your accounts is important: even if your password is stolen, it’ll be difficult for someone to break in if they don’t have access to your 2FA codes.

[ZDNet]

Comments

  • Hello
    Would have been SOOO MUCH more helpful if you had sorted the list before posting it.
    Cheers
    Chris

Comments are closed.

Log in to comment on this story!