The cyber-security agency of France, Evina, recently reported that 25 malicious Android apps were found red-handed for stealing the Facebook credentials of the user. These are mostly wallpaper apps, image and video editors, flashlight apps, games, and file managers.
Though those 25 apps were collectively downloaded more than 2.34 million times, Google removed those from the Pay Store to safeguard user's accounts from such a phishing attack. Do you have those apps on your smartphone? Time to act now and remove them immediately.
Here is the list of 25 apps that were found stealing users credentials by executing a malicious code to detect which app the user recently opened:
| Application Name | Package Name |
| Super Wallpapers Flashlight | com.wallpaper.flashlight.compass |
| Padenatef | com.sun.newjbq.beijing.ten |
| Wallpaper Level | com.liapp.level |
| Contour level wallpaper | com.communication.walllevel |
| iPlayer & iWallpaper | com.ldl.videoedit.iwallpapers |
| Video Maker | com.androidapp.videosedit.v |
| Color Wallpapers | com.play.ljj.wallpapercomapss |
| Pedometer | com.baidu.news.pedometer |
| Powerful Flashlight | com.meituanybw.flash |
| Super Bright Flashlight | com.tqyapp.sb.flashlight |
| Super Flashlight | com.superapp.xincheng |
| Solitaire Game | com.game.tqsolitaire |
| Accurate scanning of Meade | com.tqyapp.qr |
| Classic card game | com.card.solitairenew |
| Junk file cleaning | com.xdapp.cleaning |
| Synthetic Z | com.tqygame.synthetic |
| File Manager | com.smt.filemanager |
| Composite Z | com.game.hcz |
| Screenshot Capture | com.tianqiyang.lww.screenedit |
| Daily Horoscope Wallpapers | com.tianqiyang.lww.constellation |
| Wuxia Reader | com.wuxia.reader |
| Plus Weather | com.plus.android.weather |
| Anime Live Wallpaper | com.tqyapp.chuangtai |
| iHealth Step Counter | com.tiantian.lang.tencent |
| com.tgyapp.fiction | com.tgyapp.fiction |
According to Evina, once an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you think that the application launched it.
When you enter your credentials into this browser, the malware executes javascript to retrieve them. The malware then sends your account information to a server.
After the malicious execution discovered in early June, Google removed them from the Play Store, disabled them on users' smartphones, and informed the user through the Play Protect feature.
If you have those applications still running on your phone, it's time for you to remove them manually, and you should perform this immediately.
Thank you for visiting our website!
We value your engagement and would love to hear your thoughts. Don't forget to leave a comment below to share your feedback, opinions, or questions.
We believe in fostering an interactive and inclusive community, and your comments play a crucial role in creating that environment.