Meta warned a million Facebook users that they had been “exposed” to seemingly innocuous smartphone apps designed to steal Facebook passwords.
So far this year, Meta has identified over 400 “malicious” apps tailored for smartphones powered by Apple or Android software and available in the Apple and Google app stores, according to David Agranovich, director of threat disruption.
“These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them,” Meta said in a blog post.
According to Meta’s security team, the apps frequently ask people to login with their Facebook account information to use promised features, stealing usernames and passwords if entered.
“They are just trying to trick people into entering in their login information in a way that enables hackers to access their accounts,” Agranovich said of the apps.
“We will notify one million users that they may have been exposed to these applications; that is not to say they have been compromised.”
“Our sense is these types of malicious app developers try to target multiple services,” Agranovich said, noting the app creators are likely after passwords to more than just Facebook accounts.
“The targeting here seemed to be relatively indiscriminate — get people to download the applications around the world in an attempt to get access to as many login credentials as possible.”
Meta stated that it shared its findings with Apple and Google, who control what is available in their respective app stores and each vets offerings.
To know the malicious applications and how to deal with them click here.