Security company Evina has discovered 25 apps in the Google Play Store which is stealing your Facebook login data via fake Facebook Authentication pages.
The Android malware apps cover a range of categories from flashlights to image editors, and work by opening up what appears to be a Facebook login page in your browser in the background, prompting you to enter your details without even knowing the page is associated with the app.
Besides stealing your credentials users are also complaining of ad pop-ups on their phone, ad notifications and other glitches.
Google has removed the apps from the Google Play Store, but you should still check if you have any on the following list installed and make sure they are not present on your device.
Given that the apps were downloaded from a trusted source (the Googe Play Store), it can be difficult for end-users to protect themselves. One way is installing anti-malware apps on your phone, and the other is to protect your important accounts such as your Google Account and Facebook Account with two-factor authentication.
Read more about the back at Evina here.