Meta has uncovered 400 malicious apps designed to steal the personal details and passwords of Facebook accounts. The apps pose as photo editors, mobile games, VPNs, business apps, or health trackers. Facebook said: “Our security researchers have found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information.”
How Do Malicious Apps Work?
According to the report published by Meta, once a user downloads one of the malicious apps, it asks them to log in with Facebook using their credentials, such as usernames and passwords. The information is stolen at that point, and attackers gain access to the person’s account and private information. Meta has warned users to be wary of any app that doesn’t work without providing a Facebook login and password.
Meta said that the malicious apps were available on the App Store and Google Play. Of these, 45 apps were removed from the App Store, while a Google spokesperson confirmed that the company had identified and removed a majority of the problematic Android apps even before Meta’s notification. The official statement from Facebook reads: “The apps were designed to steal Facebook login information and compromise people’s accounts.”
Meta Sends Out Alerts to the Compromised Accounts
David Agranovich, Director, Threat Disruption, and Ryan Victory, Malware Discovery and Detection Engineer at Meta, stated that they have alerted people who might have unknowingly “self-compromised their accounts” by downloading these apps and sharing their credentials. The company also warned that if the login information is stolen, attackers could potentially access a person’s account and perform various activities like messaging friends and uploading content.