Meta warned one million Facebook users on Friday that they have been “exposed” to seemingly innocuous smartphone apps designed to steal passwords to the social network.
So far this year, Meta has identified more than 400 “malicious” apps designed for smartphones powered by Apple or Android software and available on the Apple App Store and Google Play Store, threat disruption manager David Agranovich said during a briefing.
“These apps were listed on the Google Play Store and Apple App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them,” Meta said in a blog post.
The apps often ask users to log in with their Facebook account information to use the promised features, and steal the usernames and passwords if they are entered, according to Meta’s security team.
“They’re just trying to trick people into entering their login credentials so that hackers can access their accounts,” Agranovich said of the apps.
“We will notify one million users that they may have been exposed to these apps; it does not mean they have been compromised.”
More than 40% of the apps listed by Meta involved some means of editing or manipulating images, and some apparently did something as simple as turning smartphones into flashlights.
“Our feeling is that these types of malicious app developers are trying to target multiple services,” Agranovich said, noting that app makers are likely looking for passwords for more than just Facebook accounts.
“The targeting here seemed to be relatively indiscriminate – getting people to download the apps around the world in an attempt to gain access to as many login credentials as possible.”
Meta said it shared what it found with Apple and Google, which control and vet what is offered in their respective app stores.
Apple did not respond to questions about whether it had taken action against any of the apps Meta deemed malicious.
But Google said most apps flagged by Meta had already been identified and removed from the Play Store by its own verification systems.
“All apps identified in the report are no longer available on Google Play,” a spokesperson told AFP.
“Users are also protected by Google Play Protect, which blocks these apps on Android.”