📢 Here's a list of 25 apps that Google removed from Play Store for stealing Facebook credentials

After a security hole discovered by French security agency Evina, Google removed 25 apps from Play Store which were stealing Facebook credentials. - Story published by Kunal Chowdhury on , and was last updated on 2020-07-08T13:22:12Z.

Here's a list of 25 apps that Google removed from Play Store for stealing Facebook credentials
Follow us on:    Twitter  |  Mastodon  |  Facebook  |  WhatsApp  |  Telegram  |  Google News

The cyber-security agency of France, Evina, recently reported that 25 malicious Android apps were found red-handed for stealing the Facebook credentials of the user. These are mostly wallpaper apps, image and video editors, flashlight apps, games, and file managers.


Though those 25 apps were collectively downloaded more than 2.34 million times, Google removed those from the Pay Store to safeguard user's accounts from such a phishing attack. Do you have those apps on your smartphone? Time to act now and remove them immediately.


Here's a list of 25 apps that Google removed from Play Store for stealing Facebook credentials


Here is the list of 25 apps that were found stealing users credentials by executing a malicious code to detect which app the user recently opened:


Application NamePackage Name
Super Wallpapers Flashlightcom.wallpaper.flashlight.compass
Wallpaper Levelcom.liapp.level
Contour level wallpapercom.communication.walllevel
iPlayer & iWallpapercom.ldl.videoedit.iwallpapers
Video Makercom.androidapp.videosedit.v
Color Wallpaperscom.play.ljj.wallpapercomapss
Powerful Flashlightcom.meituanybw.flash
Super Bright Flashlightcom.tqyapp.sb.flashlight
Super Flashlightcom.superapp.xincheng
Solitaire Gamecom.game.tqsolitaire
Accurate scanning of Meadecom.tqyapp.qr
Classic card gamecom.card.solitairenew
Junk file cleaningcom.xdapp.cleaning
Synthetic Zcom.tqygame.synthetic
File Managercom.smt.filemanager
Composite Zcom.game.hcz
Screenshot Capturecom.tianqiyang.lww.screenedit
Daily Horoscope Wallpaperscom.tianqiyang.lww.constellation
Wuxia Readercom.wuxia.reader
Plus Weathercom.plus.android.weather
Anime Live Wallpapercom.tqyapp.chuangtai
iHealth Step Countercom.tiantian.lang.tencent



According to Evina, once an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you think that the application launched it.


When you enter your credentials into this browser, the malware executes javascript to retrieve them. The malware then sends your account information to a server.


After the malicious execution discovered in early June, Google removed them from the Play Store, disabled them on users' smartphones, and informed the user through the Play Protect feature.


If you have those applications still running on your phone, it's time for you to remove them manually, and you should perform this immediately.