Apps shared on Android app stores have been used to steal Facebook credentials from unsuspecting victims. The apps masquerade as reading and education apps and have been circulating since 2018. The campaign has victimized over 300,000 devices across 71 different countries. When a victim downloads one of the apps, they are prompted to enter their credentials into a fake Facebook login page in order to use the app. Once the credentials are submitted, the victim is given full access to the app, and the credentials have been harvested by the threat actor. The apps have been removed from the Google Play store but are still available via third-party app stores.
Vietnam has been the country most affected by these apps, but Android users in any country could have downloaded them. Threat actors constantly use Android apps because of the availability of third-party app stores and the lack of strict guidelines for apps published in those stores. Android users should only download apps through the official Google Play Store and only from trusted developers.