One million Facebook users have downloaded or utilised what appear to be innocent mobile applications that are actually aimed to steal their account passwords, Meta said on Friday.
David Agranovic, director of cybersecurity teams at Meta, said during a news conference: “We will tell a million users that they may have been exposed to these applications, but this does not necessarily mean that their accounts have been compromised.”
The parent firm of Facebook and Instagram has been keeping an eye on more than 400 “harmful” apps that are accessible on cellphones running iOS from Apple and Android from Google since the year’s beginning.
According to a statement from Meta, “These applications were available on the Google and Apple App Stores as games, virtual private networks (VPNs), and other services.”
These “bombing” apps require users to submit their Facebook account information after being downloaded and installed on the phone in order to access certain functions.
These applications “attempt to entice users to divulge their personal information, in order to allow hackers to access their accounts,” according to Agranovich.
It’s likely that the authors of these applications don’t simply want to acquire Facebook credentials; they also want to steal other passwords.
Meta declared that it has told Apple and Google about its findings.
Google claimed to have taken the majority of the apps it had flagged as “meta” off its store.
According to a Google official speaking to AFP, “None of the apps named in the study are currently available on the Google Play Store.”
Apple, on the other hand, told AFP that only 45 of the 400 apps were iOS-compatible and had been taken down from the App Store.
More than 40% of the apps identified by Meta are for altering images, while others are restricted to basic functions like, for instance, converting the phone into a flashlight.
Users should be suspicious of apps that request metadata without justification or that make claims that are “too good to be true,” according to Agranovich.
“Meta” alerts users to password-stealing applications that are booby-trapped.
About Author
