Google has removed nine Android apps, downloaded more than 5.8 million times, from the Play Store. The apps were furtively stealing users’ Facebook login credentials. Researchers from Dr. Web say the apps masked their malicious intent by posing as photo-editing, optimizer, fitness, and astrology programs. They then tricked victims into logging into their Facebook accounts and hijacked the entered credentials via a piece of JavaScript code received from an adversary-controlled server. The attack could easily have been expanded to load the login page of any legitimate web platform with the goal of stealing logins.
Source: https://thehackernews.com/2021/07/android-apps-with-58-million-installs.html

