The report says all 25 applications send stolen Facebook credentials to a central server and seem to be from a single developer. Some of them have hundreds of thousands of downloads, and several users have complained about them in user reviews.

How Facebook credentials get stolen

The malware responsible for stealing Facebook credentials launches a browser that opens Facebook whenever a user tries to launch a Facebook application. The browser appears on top, which makes the user believe it is the application they launched. Because of this behaviour, Facebook is unable to identify the malware and so cannot stop the process. The login credentials are stolen as soon as the user enters them and are sent to a third party. Applications in which this malware is embedded include:

Super Wallpapers Flashlight, Padentaef, Wallpaper Level, Contour Level Wallpaper, iPlayer & iWallpaper, Video Maker, Color Wallpapers, Pedometer, Powerful Flashlight, Super Bright Flashlight, Super Flashlight, Solitaire Game, Accurate scanning of QR code, Classic Card Game, Junk File Cleaning, Synthetic Z, File Manager, Composite Z, Screenshot Capture, Daily Horoscope Wallpapers, Wuxia Reader, Plus Weather, Anime Live Wallpaper, iHealth Step Counter, Com.tqyapp.fiction

Google has since removed all the applications from the store and has also disabled them on users' devices.

Attacks on mobile devices becoming common

Mobile phones have recently become targets for attacks from different applications. Google removed 38 applications from its Play Store just last month after malware-related behaviour was detected. As with these 25, several victims had used the apps. Android phone users were the primary targets, as is usually the case, and security experts advise that users should be security conscious when installing third-party applications.