Consider this your umpteenth reminder that for as much as Google keeps improving or promising it’s improved the company’s proprietary app marketplace, sketchy app developers will never stop coming and never stop trying to sneak into the Google Play Store — past all the company’s defenses — to put its apps into the mix and awaiting your download. Which we saw yet another example of in recent days, with the revelation that Google has booted another batch of Android apps from the store, this time 25 apps caught in a position to steal users’ Facebook login data.
Evina, a French cybersecurity firm, disclosed this news in recent weeks, with its report that a single threat group developed the batch of apps that were made to look like everything from wallpaper and flashlight apps to mobile games. However, all the apps had the same goal, as Evina explains in its report of the fraud.
“When an application is launched on your phone, the malware queries the application name,” the company explains. “If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes javascript to retrieve them. The malware then sends your account information to a server.”
More information and referenced article here