Image via Adobe Stock
Google Play has been fighting the good fight when it comes to dodgy apps for quite some time. It seems, however, that when one batch of questionable apps is removed from the Play Store, seven more pop up in its place.
Despite the search giant’s best efforts to protect users, 25 malicious apps were discovered by French cybersecurity firm Evina. These apps are being flagged for stealing Facebook credentials, among other things.
Unfortunately, some of these apps have been downloaded more than two million times. At least five of the apps on the list seem completely harmless, so keep reading; you may be at risk.
Evina released a report stating that a single threat group developed a batch of apps that appear harmless, from wallpaper and flashlight apps to weather apps and mobile games. However, these apps were designed to steal your data.
The team explains that when an application is launched on your phone, “the malware queries the application name”. If it’s a Facebook app, the malware will “launch a browser that loads Facebook at the same time”. Why, I hear you ask?
Evina CTO, Lionel Ferri, explains it’s a “fraudulent technique [which] can not be identified by Facebook as the malware displays in front of the legit app when it is launched”.
The good news is that Google has already removed the apps from the Play Store, so there’s no risk of downloading these apps now. Google also disabled the apps on the users’ end.
“We had Google shut down those applications. Evina managed to successfully reverse-engineer the malware which enabled us to protect end-users against it”.
However, some of these apps have been around since 2019. The issue was first raised in May. Google investigated and took action in June.
Going forward, always read an app’s reviews before downloading it. If the app has a high rating but only seven reviews, it’s probably malicious. The more reviews, the better; real users will comment if there’s an issue with an app.
It’s also suggested to read the app description carefully and look for details about who developed the app. The quality of the images and logos used, along with bad grammar and spelling, could also be an indicator of a malicious app.
Many counterfeit apps manage to sneak by undetected because there’s a slight misspelling in the name or developer’s name.