App stores are imperfect places, and serving as a reminder of this, a cybersecurity firm based in France alerted Google to the discovery of over two dozen malicious Android apps hanging out in the
Play Store. Fortunately, Google was quick to banish the apps. However, if you already have any of them installed, you should wipe them from your phone or tablet right away.
In this case, the apps are prone to stealing your
Facebook login credentials.
"When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you think that the application launched it," security firm Evina explains.
From there, the malicious app executes Javascript code to pluck your login credentials and then sends the stolen account information to a remote server. It is a bit rudimentary, but bound to trick some people, particularly those who are less savvy with technology. Some of the negative app reviews reflect this unfortunate reality.
"Very dangerous app. Avoid at all cost. The app doesn't do what it advertises. Once you download it you will get 133 notifications within 2 minutes," one of the user reviews states.
Here is a list of the malicious apps...
Source: Evina
There are 25 apps in all, and they represent a variety of types—flashlights, wallpapers, file managers, screenshot capturing, health tracking, games, and so forth.
Google has booted all of them from the Play Store, but that does not automatically uninstall them from your Android device. You will need to do that yourself, if you have any of these installed. We would also recommend passing this information along to any less savvy family and friends you may have in your circle.
It also pays to be diligent. Not all malicious apps are easy to spot. Last August, for example, we reported on
85 sneaky adware apps racking up 8 million cumulative downloads from the Play Store. And in September of that same year, a security outfit had discovered a
pair of malicious Android apps in the Play Store that had been collectively downloaded more than 1.5 million times.