Researchers at Meta Inc., a company specialising in information security, have found over 400 “scammy apps” on the Google Play Store and the Apple App Store designed to steal users’ Facebook login information.
The team at Meta acknowledged that these applications often require users to “Log In with Facebook” before accessing certain functionalities. According to the company, these apps try to look like “fun or useful” services, like picture editors, camera apps, VPN services, horoscope apps, and programs that track your fitness.
David Agranovich, the company’s Director of Threat Disruption, stated that many of the discovered applications “were barely functional” and said that they offered little functionality before logging in. According to him, “the majority had no functionality even once a user logged in.”
Read also: Meta Launches ‘‘Creators Of Tomorrow” Campaign to Celebrate Emerging African Talents
Meta warns users of malicious apps
Meta warns 1 million Facebook users that third-party applications from Apple or Google’s stores may have exposed their account information. Most of these applications were harmful in both Google’s Play Store and Apple’s App Store, although most were Android apps.
An Engadget writer who attended the briefing stated that the malicious Android applications were largely consumer apps, such as picture filters, while the 47 iOS apps were nearly solely “business utility” apps. These services have titles like “Very Business Manager,” “Meta Business,” “FB Analytic,” and “Ads Business Knowledge.”
The briefing’s leader, Agranovich, claimed his organization shared its results with Apple and Google. “It was up to the shops to delete the applications,” the director said.
How should the victims respond?
If you were among the 1 million users who got Facebook’s warning, it’s likely that you installed or used one of these rogue programs, and your account information has been hijacked.
Step 1: Delete apps that need to “Log In with Facebook.”
Step 2: change your Facebook password and enable two-factor authentication.
Step 3: Enable log-in alerts to be alerted if your account is accessed.
Engadget verified that Apple and Google deleted all Meta-identified applications from their app stores. The representative said Google Play Protect bans these applications on Android.
A Google spokeswoman confirmed that all the applications mentioned in the report are no longer on Google Play.