Mobile devices and cell phones are becoming more and more present as powerful productivity machines, but they are also an important backdoor if you do not manage them properly. Last example h Google abolished at the end of June, 25 Android applications from Google Play Store, because they were "caught" stealing credentials at Facebook.
These 25 malicious applications were all built by the same team (Rio Reader LLC) and despite offering different functions, they all worked the same underground. Before she realizes her safety Google and remove them, the 25 applications had a total of over 2,34 million downloads.
According to a report by the French security company Evina, applications are presented as step counters, image editors, video editors, wallpaper applications, lens applications, file managers, and mobile games.
The applications offered legitimate functionality, but also contained malicious code. Evina researchers say the apps contained code that identifies which app was recently opened by a user in the foreground of the phone.
If this application was the Facebook, the malicious application overlapped its official application with its own screen Facebook and uploaded a fake login page to Facebook (see the following image: blue line = real application Facebook, black line = e-fishing page).
If users entered their credentials on this phishing site, the malicious application would record them and send them to a remote server located in the airshop.pw domain (which does not work now).
Evina said she found the malware embedded in 25 applications and reported it to Google at the end of May. THE Google after verifying the findings of the French security company, removed the dangerous applications. Some of the applications were available in the Play Store for more than a year !!!.
The full list of 25 applications, their names and package ID, is listed below. When the Google removes malicious applications from Google Store, also disables applications on the user's devices and notifies them through the Play Protect service (included in the official Play Store application).