Facebook Detects 400 Android and iOS Apps Stealing Users Log-in Credentials

Cyber Security

Products You May Like

Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information.

“These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them,” the social media behemoth said in a report shared with The Hacker News.

CyberSecurity

42.6% of the rogue apps were photo editors, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). Interestingly, a majority of the iOS apps posed as ads manager tools for Meta and its Facebook subsidiary.

Besides concealing its malicious nature as a set of seemingly harmless apps, the operators of the scheme also published fake reviews that were designed to offset the negative reviews left by users who may have previously downloaded the apps.

The apps ultimately functioned as a means to steal the credentials entered by users by displaying a “Login With Facebook” prompt.

Facebook hack
Facebook hack

“If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information,” the company said.

CyberSecurity

All the apps in question have been taken down from both app stores. The list of 403 apps (356 Android and 47 iOS apps) can be accessed here.

As always with apps like these, it’s essential to exercise caution before downloading apps and granting access to Facebook to access the promised functionality. This includes scrutinizing app permissions and reviews, and also verifying the authenticity of the app developers.

The disclosure also comes as Meta-owned WhatsApp filed a lawsuit against three companies based in China and Taiwan for allegedly misleading over a million users into compromising their own accounts by distributing bogus versions of the messaging app.

Products You May Like

Articles You May Like

NASA Reportedly Plans to Use SpaceX Dragon to Bring Astronauts Stranded in Space Back to Earth
Human Brains Can Resist Decay for Up to 12,000 Years, Reveals Study
SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments
CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
ISRO and IIT Guwahati Discover New Challenges in Theories of X-Ray Pulsar

Leave a Reply

Your email address will not be published. Required fields are marked *