In a security alert, Meta, Facebook’s parent company, has cautioned one million Facebook users about malicious applications that might have accessed their login credentials.
Hostile apps trick users into sharing credentials
In a blog post on Friday, Meta said that its researchers have found, in the current year, over 400 hostile Android and Apple iOS applications designed to access Facebook login credentials and related personal information of the company’s customers.
The company said that users might have compromised their accounts by downloading these apps, which ask users to log in with their Facebook accounts. The credentials entered are then shared with the malicious apps.
Once login credentials are taken, attackers may be able to access a user’s whole account, including their personal data and friend list. To hide negative reviews from users who have recognized them, these apps use tricks that include publishing fake reviews to make themselves appear authentic.
Gabby Curtis, a spokesman for Meta, said that the company has issued warnings to a million customers who might have fallen victim to these applications. The company also discovered that these apps misled customers by posing as games, picture editors, health and lifestyle apps, and apps from other categories, luring customers into installing them from Apple’s and Google’s app stores.
“This is a very adversarial sector and while our industry partners fight to detect and remove malicious software, some of these applications defy detection and make it into legal app stores,” the Threat Disruption Director at Meta and the Malware Discovery and Detection Engineer at the company noted.
Meta provides solutions
Meta said that it reported the applications to Apple and Google, which have now removed them. Google spokesperson Edward Fernandez said in a statement, “apps highlighted in the investigation are no longer accessible on Google Play.”
To prevent further damage, Meta recommends that users who think they may have downloaded any such app and logged in to it with any of their accounts enable two-factor authentication, turn on log-in alerts, and report the app to Meta through its Data Abuse Bounty program.