Google removed 25 Android apps from it this month Play Store as it turned out that they were stealing Facebook credentials. These Android apps were downloaded more than 2,34 million times, by the time they were removed. Malicious apps were developed by the same threat group and although they offered users different ones functions, everything worked "underground" in exactly the same way.
According to a report by the French cybersecurity company "Evina", Android apps are presented as games for cell phones, step counters, file managers, processors images - videos, wallpaper apps and lens apps. Although these applications provided legitimate functionality, they also contained malicious code. Evina researchers noted that the apps contained code which could detect which application a user recently opened and which he had on his mobile desktop.
The malicious Facebook application had a window browser at the top of the official Facebook app and loaded a fake Facebook login page. In the image below, the blue line depicts the actual Facebook application and the black line the electronic fishing page (phishing).
Evina found the malicious code that stole Facebook credentials in 25 Android apps that were reported to Google about a month ago. Google has removed them applications this month, after the findings of the French security company were verified. Some of the apps were available in the Play Store for more than a year before they were removed. The full list of 25 applications, their names and ID package, is shown below. When Google removes malicious apps from the Play Store, it also disables apps on a user's device and notifies them via service "Play Protect" included in the official Play Store application.