Android powers more than five times as many smartphones and tablets as iOS. As a result, the number of apps on the Google Play Store is considerably higher than Apple’s App Store and that makes the app review process less rigorous for Android. Predictably, that allows many malicious apps to pass through the review process much more easily and remain on the Play Store until reported for chicanery. Google, however, does act promptly in removing malicious apps, especially when it comes to serious allegations like phishing. The internet giant has now struck down 25 apps for deceiving users and logging Facebook login credentials, as per a recent report.
French cyber-security agency Evina recently reported 25 malicious apps to Google in May for siphoning off users’ Facebook login details. This was accomplished by creating a faux login page on top of the actual Facebook’s login page. The malicious elements were disguised by legit functionality in these apps. Evina notes that these apps were masquerading as wallpaper apps, image and video editors, flashlight apps, games, and file managers on the Google Play Store.
Fake Facebook login page in the overlay; Image courtesy of Evina
The French agent also told ZDNet that some of these malicious apps had been on the Google Play Store for over a year. Google removed them after validating the findings in early June. While removing apps from the Play Store, Google also disables them on users’ smartphones and informs them through the Play Protect feature.
The list of apps removed by Google includes:
| App Name | Package | No. of installs |
|---|---|---|
| Super Wallpapers Flashlight | com.wallpaper.flashlight.compass | 500000+ |
| Padenatef | com.sun.newjbq.beijing.ten | 500000+ |
| Wallpaper Level | com.liapp.level | 100000+ |
| Contour level wallpaper | com.communication.walllevel | 100000+ |
| iPlayer & iWallpaper | com.ldl.videoedit.iwallpapers | 100000+ |
| Video Maker | com.androidapp.videosedit.v | 100000+ |
| Color Wallpapers | com.play.ljj.wallpapercomapss | 100000+ |
| Pedometer | com.baidu.news.pedometer | 100000+ |
| Powerful Flashlight | com.meituanybw.flash | 100000+ |
| Super Bright Flashlight | com.tqyapp.sb.flashlight | 100000+ |
| Super Flashlight | com.superapp.xincheng | 100000+ |
| Solitaire Game | com.game.tqsolitaire | 100000+ |
| Accurate scanning of Meade | com.tqyapp.qr | 50000+ |
| Classic card game | com.card.solitairenew | 50000+ |
| Junk file cleaning | com.xdapp.cleaning | 50000+ |
| Synthetic Z | com.tqygame.synthetic | 50000+ |
| File Manager | com.smt.filemanager | 50000+ |
| Composite Z | com.game.hcz | 50000+ |
| Screenshot Capture | com.tianqiyang.lww.screenedit | 10000+ |
| Daily Horoscope Wallpapers | com.tianqiyang.lww.constellation | 10000+ |
| Wuxia Reader | com.wuxia.reader | 10000+ |
| Plus Weather | com.plus.android.weather | 10000+ |
| Anime Live Wallpaper | com.tqyapp.chuangtai | 100 |
| iHealth Step Counter | com.tiantian.lang.tencent | – |
| com.tgyapp.fiction | com.tgyapp.fiction | – |
The post Google has removed 25 apps from Play Store for phishing Facebook credentials appeared first on xda-developers.
from xda-developers https://ift.tt/31OwMvr
via IFTTT
Aucun commentaire:
Enregistrer un commentaire