A million Facebook users were alerted by Meta that they had been “exposed” to relatively innocuous smartphone applications that were actually spying on their passwords for the social network.
David Agranovich, director of threat disruption, revealed at a briefing that Meta has so far this year detected more than 400 “malicious” apps made for smartphones and?accessible from the Apple and Google app stores.
In order to deceive users into installing them, these programs were offered on the Google Play Store and Apple’s App Store under false names such as photo editors, games, VPN services, business apps, and other utilities, according to a blog post by Meta.
According to Meta’s security team, the apps frequently request Facebook login information from users in order to access promised features, collecting usernames and passwords in the process.
The apps, according to Agranovich, “are essentially trying to fool individuals into filling in their login credentials in a way that allows hackers to access their accounts.”
We will let a million consumers know that, while they may not have been affected, they may have come into contact with these applications.
More over 40% of the apps that Meta identified included tools for editing or manipulating photographs, some of which were as basic as using flashlight apps on smartphones.
Agranovich noted that the developers of the malicious apps are probably targeting passwords for more than just Facebook accounts as he said, “Our understanding is that these types of malicious software developers tend to target many services.”
To gather as many login credentials as possible, the targeting in this case appeared to be very random: persuade individuals to download the applications globally.
Apple and Google, who each oversee what is sold in their respective app stores and each vet offerings, were informed of what Meta had learned, according to Meta.
On this issue, Apple did not respond, however, Google released the statement that the majority of the flagged apps which are stealing users personal data had already been identified by Google and apps were removed from Play Store as well.
A spokesperson told AFP that “all of the apps listed in the report are no longer available on Google Play.”