Why Google’s removal of malicious apps from Play Store is a wake-up call

Google has removed another 25 apps for abusing Facebook user details – time for MFA to become common practice?
14 July 2020

  • Google has been removing malicious apps from its Play Store in recent weeks
  • Another batch of apps laced with malicious code was found to be stealing Facebook login details
  • The stolen login credentials were likely to be sold on the dark web

Google has again taken down more than 25 apps from its Play Store after their malicious nature was discovered by French cybersecurity firm Evina. The 25 apps were caught stealing users’ Facebook login data.

The tech giant recently removed more than 80 apps from its Play Store after it was found that developers were infecting devices with adware, plaguing users’ phones with unwanted ads.

Once again, Google is eliminating another batch of seemingly benign apps.

Evina raised the alarm by revealing that a single threat group developed the army of apps under the guise of offering wallpaper, flashlight, and weather functions. The apps may offer legitimate functions, but malicious code is baked into them.

The cybersecurity firm explained, “when an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground, which makes you think that the application launched it.

“When you enter your credentials into this browser, the malware executes JavaScript to retrieve them. The malware then sends your account information to a server.”

Users’ Facebook login credentials are harvested this way, and the information is sold to dark web buyers, who can use the credentials to log into unsuspecting users’ social media accounts and glean personal information. Users who reuse the same password across multiple accounts are left even more vulnerable.

The French cybersecurity firm informed Google of the apps in late May, and the tech giant took action in June; however, some of the apps had been available in the Play Store since last year. Collectively, the malicious apps were downloaded more than 2 million times before the purge.

Google has disabled the apps on the user’s end and notified users through its Play Protection service.

Lionel Ferri from Evina told 7NEWS that this is a cautionary tale and that users should be more vigilant about the apps they choose to download.

“It’s a fraudulent technique that points out the danger and reflects how important it is to protect yourself,” Ferri said. “It cannot be identified by Facebook as the malware displays in front of the legit app when it is launched.”

Even though Google has been aggressively weeding out bad actors and malicious apps from its Play Store, bad actors with increasingly sophisticated techniques are always trying to slip through the net.

Multi-factor authentication (MFA) can add an extra layer of defense for users and companies. MFA relies on more than just a password to authenticate access, requiring a further factor such as a separate code retrieved from a different channel, additional information, or biometric details, as covered in TechHQ.

The aim is to make it more difficult for bad actors to access accounts, and in this case, having a username and password at hand wouldn’t guarantee entry.