Android Apps Stealing Facebook Credentials
Google has removed 25 Android apps from its store because they steal Facebook credentials:
Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times.
The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same.
According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games.
The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what app a user recently opened and had in the phone’s foreground.
Clive Robinson • June 30, 2020 2:44 PM
@ Bruce,
I should make the same comment today about Google and it’s Walled Garden as I did yesterday about Apples Walled Garden.
But the simple fact is it’s not just Google and Apple, I’ve yet to find a Walled Garden with 3rd Party Apps that has honoured it’s majorly touted “reason to exist” the promise to keep users safe from malicious programs and exploiters…
I indicated back when Microsoft said similar things about TPM that I doubted it was possible and so it’s turned out to be so.
The reality is these walled gardens are not just a failure security wise nor just a way of raising revenue, they are a way to gather PPI data on the users and anti competative against developers.
That is the Cons of walled gardens significantly out weigh any of the promissed Pros, but more importantly the operators of these walled gardens can no longer be bothered to maintain the illusion of checking for malicious use in the applications.
Especially Google, who apparently have the expertise but chose to use it to find failings in other organisations products etc. Back in 2014 Google set up “Project Zero” to go hunting for zero day exploits, and it has had a number of successes. However in that same period they appear to have not realy focused on their walled garden and things have got steadily worse…
One of the things we should all be pushing for is properly open hardware platforms that the users have the level of control they need to get some level of privacy. Which is something all walled gardens clearly do not do, thus they are a security failure of monumental proportions.