Google has since removed the apps in question but has the damage already been done?

Despite Google's efforts to keep Android free of malicious apps, they somehow keep finding a way through their certification process and ending up on the Google Play Store. The latest round of apps that the search giant has removed had more than 5.8 million installs and stole people's Facebook credentials.

The apps in question were Processing Photo, App Lock Keep, App Lock Manager, Lockit Master, Rubbish Cleaner, Horoscope Daily, Horoscope Pi, Inwell Fitness and PIP Photo. Combined these apps totalled a staggering 5.8 million installs on Android devices and encouraged users to connect their Facebook accounts and stole their account credentials.

These trojans were discovered by Doctor Web, a security company that makes anti-virus software. The company said that upon telling Google about the problem, the search giant has removed half of these from the Play Store, though some are still available to download.

What is worse is that the developer's of these apps could have potentially stolen credentials from other services too.

"Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts," a post on Doctor Web's site read.

"However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service."

In a recent interview with Brut CEO Guillame Lacroix, Apple's Tim Cook pointed out Android's malware problem, saying that, "Android has 47x more malware than iOS."

Google really needs a new vetting process for the apps that end up on the Play Store. With the popularity of Android and the millions of devices that are activate each day, it is a huge market for threat actors to prey on.