The Google Play Store has removed another 25 third-party apps for allegedly violating security rules. It took the action after a French cybersecurity firm, Evina, reported that the apps were accessing users’ Facebook credentials.
Evina reports that all the apps appear to have been developed by “a single threat group” and provide widely used features like wallpaper and flashlight functions. Once downloaded, however, they reportedly access Facebook usernames and passwords.
“When an application is launched on your phone, the malware queries the application name,”
Evina explained on its website. “If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes javascript to retrieve them. The malware then sends your account information to a server.”
Apps that have been removed
Evina listed the following apps -- now removed from the Google Play Store -- as being security risks:
Super Wallpapers Flashlight
Padentaef
Wallpaper Level
Contour Level Wallpaper
iPlayer & iWallpaper
Video Maker
Color Wallpapers
Pedometer
Powerful Flashlight
Super Bright Flashlight
Super Flashlight
Solitaire Game
Accurate scanning of QR code
Classic Card Game
Junk File Cleaning
Synthetic Z
File Manager
Composite Z
Screenshot Capture
Daily Horoscope Wallpapers
Wuxia Reader
Plus Weather
Anime Live Wallpaper
iHealth Step Counter
Com.tqyapp.fiction
Consumers who have downloaded any of these apps are advised to uninstall them. According to tech news site BGR, Google also disabled the apps on the user end after removing them from the store.
Cybersecurity firm Norton advises consumers to always use caution with downloading third-party apps. Even though the Apple Store and Google Play Store require developers to follow strict security guidelines, it’s a good idea to seek user reviews of the apps before downloading them.