Facebook’s parent company #Meta has issued a warning to millions of users that they may have been “exposed” to apps that look innocent enough but are designed to steal their Facebook passwords.
Meta has identified over 400 “malicious” apps designed for Apple and Android smartphones since the beginning of 2022 alone.
Meta’s director of threat disruption, David Agranovich, explained, “They are just trying to trick people into entering their login information in a way that enables hackers to access their accounts. We will notify one million users that they may have been exposed to these applications, not to say they have been compromised.”
Agranovich continued, Our sense is these types of malicious app developers try to target multiple services. The targeting here seemed to be relatively indiscriminate – get people to download the applications around the world in an attempt to get access to as many login credentials as possible.”
Meta described the danger in a blog post; “These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them.”
Google had already removed most of the apps that Meta’s investigation flagged when they brought it to their attention through their internal algorithm, and the remainder has now been removed.
Apple has not responded about the potential breach in their App Store.