Meta reveals 400 malicious Android and iOS apps designed to steal logins

Meta reveals 400 malicious Android and iOS apps designed to steal logins

Meta has unveiled more than 400 mobile apps designed to trick users into giving up their login information, including two-factor authentication codes.

The company’s malware detection team discovered malicious Android and iOS apps last year while investigating cyber threats to Facebook. Meta says it’s difficult to estimate how many users may have downloaded apps or given up login credentials as a result, but the company plans to alert suspected victims.

“So we’re over here. We’re going to notify a million users that they may have been exposed to one of these apps,” Meta threat disablement director David Agranovic said in a briefing with reporters. He added that the apps targeted people indiscriminately.

Malicious apps disguised themselves as legitimate software like photo editors, VPNs, games, or even flashlight apps. However, they will also require the user to log in with a Facebook account or other platform.

Example of some applications. (credit: meta)

“Many apps offered little or no functionality before logging in,” Agranovic said. “Most of them didn’t submit any jobs even after logging in.” But the login prompt can steal any username, password, and two-factor authentication code entered. The hackers can then use the stolen access to perpetuate other frauds.

The apps also managed to bypass the guarantees of the Google Play Store and Apple App Store to be included in the list. According to a Meta report, 42.6% of malicious apps posed as photo editors, while 11.7% pretended to be VPNs. Meanwhile, affected iOS apps focused on offering business utilities with names like Business Manager Pages and Ads Optimization Define.

“Cybercriminals know how common these types of apps are, and they will use similar features to trick people into stealing their accounts and information,” Agranovic added.

Application collapse

(credit: meta)

Meta has already reported its findings to both Apple and Google.

Google tells PCMag: “All of the apps identified in the report are no longer available on Google Play. Users also have Google Play Protect, which blocks these apps on Android.” The company adds that the majority of the malicious apps mentioned in the Meta report were already identified and pulled from Google Play by the company earlier in the year.

Apple says all 45 malicious iOS apps have also been removed from the company’s App Store. He adds that it has zero tolerance for fraud and malicious activities on the App Store.

Recommended by our editors

dead Report(Opens in a new window) It contains a complete list of affected apps, most of which are Android apps.

To protect yourself, Meta encourages users to check out app reviews before downloading. Negative reviews, in particular, may indicate whether the app is a scam or not. It’s also a good idea to avoid apps that ask you to sign in with an official Facebook, Google, or Apple account in order to access all the features.

“Does this request to log in with Facebook make sense? If the flashlight app requires you to sign in with Facebook before it gives you any flashlight functionality, that’s probably something to be suspicious of,” Agranovic added.

To identify users who may have been compromised, Agranovich said Meta will look at factors such as evidence that their accounts may have been hacked or accessed in a certain way.

Security Monitor A newsletter of our top privacy and security news delivered straight to your inbox. “,” first_published_at “:” 2021-09-30T21: 22: 09.000000Z “,” publish_at “:” 2022-03-24T14: 57: 33.000000Z “,”last_published_at”: “2022-03-24T14: 57: 28.000000 Z”, “created_at”: null, “updated_at”: “2022-03-24T14: 57: 33.000000Z”}) “x-show=” showEmailSignUp()” class=” rounded bg-grey-lightest text-center md” : px-32 md: py-8 p-4 mt-8 container-xs “>

Like what are you reading?

sign for Security Monitor A newsletter of our top privacy and security stories delivered straight to your inbox.

This newsletter may contain advertisements, deals or affiliate links. Subscribing to a newsletter indicates your agreement to Terms of use And the privacy policy. You can unsubscribe from newsletters at any time.


#Meta #reveals #malicious #Android #iOS #apps #designed #steal #logins

Leave a Comment

Your email address will not be published. Required fields are marked *