Security News > 2021 > July > Android Apps in Google Play Harvest Facebook Credentials
A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them.
The malicious apps were detected as trojans called Android.
"What all enterprises can do to protect themselves and their users against such exploits is to ensure that user credentials are not sufficient by themselves to log in to accounts. Mandating that an independently verified second factor such as a one-time passcode or an app authentication token must be presented alongside user credentials will dramatically shrink the attack surface."
Users should also remember that the official Google Play store is no stranger to malicious apps.
The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.
"The uncontrolled proliferation of mobile trojan apps on the Google Play store continues to wreak havoc with credentials and other personally identifiable information theft of consumers," said Rajiv Pimplaskar, CRO at Veridium, via email.
News URL
https://threatpost.com/android-apps-google-play-facebook-credentials/167563/
Related news
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Google adds Android auto-reboot to block forensic data extractions (source)
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (source)
- Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers (source)
- Google fixes actively exploited FreeType flaw on Android (source)
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (source)
- Google’s Advanced Protection Now on Android (source)
- Google strengthens secure enterprise access from BYOD Android devices (source)