Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing. “Alexa, steal my passwords.” It’s not a phrase a user is likely to utter, but security researchers in Germany have shown that it’s possible for malicious apps — Alexa “skills” and Google Home “actions” — to launch phishing attacks on users, forward the compromised credentials to criminals, and do it all in apps approved for use by the voice-assistant giants.
Source: Dark Reading