Android users have once again been warned to stay vigilant and keep their smartphone security measures up to date after it was found that 25 popular Android apps were sneaking malware onto users’ smartphones (opens in new tab), letting hackers scrape Facebook login details off infected devices.
The malware was uncovered by French cybersecurity company Evina (opens in new tab), who discovered a total of 25 popular Android apps (opens in new tab) which were infected with this malware. Between them, these apps had been downloaded over 2.3 million times with the most popular app among them, Super Wallpapers Flashlight, having 500,000 installs by itself. Many of these apps had been live on the Android store since early 2019, while the oldest had been live since 2017, though we do not know when it was updated to include this malware.
But what did this malware do and how did it steal your Facebook login details? The malware contained code that meant it could detect what apps you had open on your smartphone. If it detected that Facebook was open, it would immediately open a web browser window over the top of that app containing a fake Facebook login screen, tricking users into thinking that they had been logged out and needed to re enter their details. When users reentered their username and password, this information would be sent to a remote server instead.
Evina reported knowledge of this malware and the apps that it infected to Google at the end of May, and Google has just this week finished removing the offending software from the Play Store, while also disabling the apps on any devices that it has already been installed on. Users who have the software installed will receive a message from the Play protect service notifying them if this has happened.
What can you do if your device was infected?
The first thing you need to do is make sure that none of these software are still installed on your smartphone. Google has taken steps as we mentioned above, but they will only have taken effect if your device has been connected to the internet via WiFi or mobile network.
Once you’re sure the program is gone, your next step should be to reset your Facebook login details. To be safe, we’d recommend doing this on a different device to the one that was infected. You could also perform a factory reset on your smartphone if you really want to take the “nuke it from orbit” option, but make sure you have your photos, contacts, etc. backed up first.
Keeping your smartphone safe
Computer viruses and malware used to be the reserve of home computers (opens in new tab) and laptops (opens in new tab), but these days just about any smart device can be hacked or infected with malware. Most smartphones have built-in virus and malware protection, but we’d also recommend getting, as a dedicated solution on top of that.
Many of the best internet security software (opens in new tab) packages cover Android and iOS smartphones and tablets (opens in new tab), and they offer multi device coverage so you can protect all your online devices with one package. You could also consider getting one of the best VPN services (opens in new tab) on your smartphone to keep your connections encrypted when you’re surfing the web - this is especially important if you often use free public WiFi, as these connections are unsecure.