A million Facebook users were alerted by Meta on Friday that they had been “exposed” to seemingly innocent password stealing smartphone applications that were actually spying on their login information for the social network.
Director of threat disruption David Agranovich revealed at a briefing that Meta has so far this year uncovered more than 400 “malicious” apps made for devices running Apple or Android operating systems and accessible through the Apple and Google app stores.
In order to deceive people into downloading them, these programmes were mislabeled as photo editors, games, VPN services, business apps, and other utilities and listed on the Google Play Store and Apple’s App Store, according to a blog post by Meta.
According to Meta’s security team, the apps frequently request Facebook login information from users in order to access promised capabilities, and if these details are entered, they steal users’ identities and passwords.
The apps, according to Agranovich, are just intended to deceive users into providing login credentials that will allow hackers access to their accounts.
“We will alert one million consumers that while they may have come into contact with these programmes, it does not necessarily mean they have been compromised.”
Using a smartphone as a flashlight was one of the seemingly easy apps that made up more than 40% of the apps that Meta highlighted.
The developers of these malicious apps, according to Agranovich, “seem to try to attack several services,” adding that they are probably targeting passwords for more than just Facebook accounts.
Get users to download the programmes all over the world in an effort to obtain as many login credentials as possible. “The targeting here seemed to be pretty indiscriminate.”
According to Meta, it communicated its findings to Google and Apple, both of which have vetting and control over what is available in their respective app stores.
According to Apple, just 45 of the 400 applications mentioned by Meta were on its operating system, and the company has already taken them out of its app store.
Google claimed that its own vetting mechanisms had already detected and deleted the majority of the apps Meta reported from the Play store.
According to a representative, “all of the apps mentioned in the article are no longer available on Google Play.”
Google Play Protect, which prohibits these apps on Android, offers users additional protection.