Google has removed 25 malicious apps from the Google Play Store after the French cybersecurity firm Evina discovered they contained Facebook-hacking malware. That means it’s time once again to check your Android device to make sure you didn’t foolishly (or accidentally) install a crappy app.

The list of apps includes flashlight tools, pedometers, image editors and more, but they’re all basically the same app. Sure, they all perform their different features as advertised, and they look different on the surface, but they all contain the same malicious code built to steal your Facebook login information.

The bad-news apps would check if the Facebook app was open in the background, then sneak a browser tab with a fake Facebook login page into the open background app’s window, enticing you to fill in your info. The fake page would copy your login and password and send them to a remote server that has since been shut down


Here’s the list of removed apps from Evina’s report:

Apps removed from Google Play should automatically be removed from any devices they were installed on, but it’s worth double-checking—especially if you have side-loaded anything on your device. If affected, you should reset your Facebook password and update your security settings—enabling two-factor authentication is always a good bet—right away.

Normally I’d make sure to remind folks to check those app permissions to make sure there’s nothing sketchy happening under the hood, but these apps were suckering users with fake Facebook login pages rather than doing anything untoward behind the scenes. That said, checking app permissions before installing is crucial to data security, but you can’t drop your guard just because the permissions seem fine.

Plenty of malware apps and phishing campaigns try to steal your social media account info with fake login pages. The safest strategy is to only log in through a social media platform’s official app.

However, if for some reason you do need to log in via a web browser, confirm the page is legit first. Check everything—the URL, images, layout, text, even the color of the page when you view all tabs. If they don’t match, then it’s a fake.