Meta has identified more than 400 malicious apps on Android and iOS that were used to steal login information of Facebook users. The social media company published a report to share its findings.
More than 400 malicious Android and iOS apps have been used to steal Facebook logins
The Article – Commodity It reveals that the attackers hid their malware code in apps with misleading descriptions that promised different features. Malicious apps were launched on Google Play Store and Apple App Store under popular categories that people were likely to be interested in. This included photo editors, music players, VPNs, utility apps like flashlights, health and lifestyle apps, business apps, and even some fake games.
The report also goes on to explain how credentials are stolen by these apps. When the user downloaded a malicious app, they were asked to log into their Facebook account in order to access the features mentioned in the app menu. The application, in turn, sent the username and password to the attacker, who could use the credentials to gain full access to the account. The hacked profile can then be used to gain access to their private information, or even to send messages to their friends. In theory, this also puts other users at risk.
These malicious apps had a way to counter negative reviews left by users to warn others, developers posted fake reviews with positive reviews to cover up actual reviews, and tricked other users into downloading the app.
Meta advises users to secure their Facebook accounts
All that glitters is not gold. Meta has warned users that not all apps that ask them to sign in via Facebook are malicious, many legitimate apps use it as a way to offer their services. The company advises users to look out for telltale signs such as if the photo editor app requires you to log into Facebook just to start using the app. Can you use its features before or after logging in? You also want users to pay attention to the app’s reputation, number of downloads and ratings, and to read user reviews (even negative ones). To add to this, I suggest searching for the name of the app or the name of the developer, and see if the results match, and if there are articles related to the app.
Here are some examples of malicious apps that have been used to steal logins.
dead Counseling Users affected by the attack to reset their Facebook account passwords. It also educates people to enable two-factor authentication using app authenticators, to add an extra layer of security to protect their personal files. Users are also advised to enable login alerts to be notified when someone tries to access their account.
Article by Bloomberg (Payless Subscription System) says that more than 1 million user accounts may have been hacked by these apps. You can find a complete list of malicious apps identified by Meta on the Facebook blog. Facebook reported the malicious apps to Apple and Google, and asked the tech giants to remove the apps from their app stores. The social network also alerts users who are affected by the issue, letting them know that their accounts are not secure.
#Facebook #identified #malicious #Android #iOS #apps #stole #users #logins