According to Meta Platforms, it would inform around 1 million Facebook users that their account credentials may have been compromised due to security issues with apps downloaded from Apple Inc. and Alphabet’s software stores.
The company said that this year it has recognized over 400 malicious Android and iOS apps that target internet users in order to steal their login information. Meta said it informed both Apple and Google about the issue in order to facilitate removal of the apps.
The apps worked by disguising themselves as photo editors, mobile games or health trackers, Facebook said.
Apple said that 45 of the 400 problematic apps were present on its App Store and has removed them. Google removed all the malicious apps in question, a spokesperson said.
“Cybercriminals know how popular these types of apps are, and they’ll use similar themes to trick people and steal their accounts and information,” said David Agranovich, Director of Global Threat Disruption at Meta. “If an app is promising something too good to be true, like unreleased features for another platform or social media site, chances are that it has ulterior motives.”
A typical scam would unfold, for example, when a user uploaded an edited photo from a malicious app to their Facebook account.
A phony login prompt would appear, tricking the user into providing their username and password.
Meta said it would be sharing tips with potential victims on how they can avoid being “re-compromised” by learning how to better spot problematic apps that pilfer credentials, whether for Facebook or other accounts. The malicious activity occurred off Meta systems, Agranovich said, adding that not all 1 million people necessarily had their passwords compromised.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.