Meta on Friday warned a million Facebook users that they had been “exposed” to password-stealing smartphone apps that appeared to be harmless.
David Agranovich, director of threat disruption, revealed at a briefing that Meta has so far this year detected more than 400 “malicious” apps made for cellphones running Apple or Android software and accessible from the Apple and Google app stores.
To deceive customers into downloading them, these programs were offered on the Google Play Store and Apple’s App Store disguised as photo editors, games, VPN services, business apps, and other utilities, according to a blog post by Meta.
According to Meta’s security team, the apps frequently request Facebook login information from users in order to access promised features, collecting usernames and passwords in the process.
The apps, according to Agranovich, “are essentially trying to fool individuals into filling in their login credentials in a way that allows hackers to access their accounts.”
“We will let a million consumers know that, while they may not have been affected, they may have come into contact with these applications.”
More than 40% of the apps that Meta identified included tools for editing or manipulating photographs, and some appeared to be as basic as flashlight apps for cellphones.
Agranovich noted that the producers of the malicious apps are probably targeting passwords for more than just Facebook accounts. “Our understanding is that these types of malicious software developers tend to target many services,” he said.
The targeting in this case appeared to be very indiscriminate: persuade people around the world to download the applications in order to gather as many login credentials as possible.
Apple did not respond to inquiries about whether it took any action against the programs Meta deemed malicious.
Google, however, claimed that the majority of the applications Meta reported had already been discovered and removed from the Play Store by its own vetting processes.
A spokeswoman told AFP that “all of the apps listed in the research are no longer available on Google Play.”
Users are additionally protected by Google Play Protect, which disables some Android apps.