These apps were mostly offered services such as file managers, wallpaper management, weather and screenshot editor. These apps came with a malware that used to steal your login details on your phone when you launched them.
Explaining how these malicious apps work, Evina said in her blog post, "When an application is started on your phone, the name of the application is queried by the malware. If it is a Facebook application, a browser that loads Facebook at the same time will launch the malware.
The browser is displayed in the foreground, which makes you think it was launched by the application. When you enter your credentials in this browser, the malware will execute java-script to get them. The malware then sends information regarding your account to a server.
"It's a fraudulent technique that highlights the danger and reflects the importance of protecting yourself. When it's launched, Facebook can not identify it as the malware displays in front of the legit app, "said Lionel Ferri, CTO, Evina.
Recently, after being caught collecting sensitive user data, Google has removed at least 106 Chrome extensions which were identified as a threat to user privacy.
Cyber security firm Awake Security had identified 111 Chrome extensions and alerted Google about the same and Google took down 106 out of those 111 extensions.
Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "massive global surveillance campaign" targeting oil and gas, finance, and healthcare sectors.— Daniel Maithya (@DanielMaithyaKE) June 22, 2020
These extensions reportedly posed as tools for enhancing web searches and had the ability to take screenshots, read the clipboard, harvest authentication cookies or grab user keystrokes to read passwords and other confidential data.