Meta Platforms Inc. said it will alert around 1 million Facebook users that their account information may have been exposed as a result of security flaws with apps downloaded from Apple Inc. and Alphabet Inc.
The company revealed on Friday that it had discovered more than 400 malicious Android and iOS apps this year that prey on internet users in an effort to steal their login credentials. Meta said it alerted both Apple and Google to the problem in order to expedite the removal of the apps.
According to Facebook, the apps functioned by passing themselves off as mobile games, photo editors, or fitness trackers.
Apple said that 45 of the 400 problematic apps had been taken down from the App Store. According to a representative, Google removed all of the fraudulent apps in question.
According to David Agranovich, head of global threat disruption at Meta, “Cybercriminals know how popular these types of apps are and they’ll utilise similar themes to deceive customers and steal their accounts and information.” An app likely has a hidden agenda if it makes too-good-to-be-true claims about previously undisclosed capabilities for another platform or social network.
For instance, a typical fraud would start once a consumer downloaded one of the harmful apps. The user would be tricked into supplying their username and password because the app would require a Facebook login to perform any tasks that went beyond the bare minimum. After that, the user might, for instance, submit an updated photo to their Facebook account. But by granting the app’s creator access, they had unintentionally compromised their account.
Meta said it would advise potential victims on how to avoid being “re-compromised” by recognising problematic apps that steal login information, whether for Facebook or other accounts. According to Agranovich, the malicious activity took place outside of Meta systems, and not all 1 million users’ passwords were necessarily exposed.