Meta Platforms revealed Friday that it has identified more than 400 malicious apps on Android and iOS that it said targeted online users with the intention of stealing their Facebook login credentials.
“These apps were listed on the Google Play Store and Apple’s App Store to trick people into downloading them under the guise of photo editing, games, VPN services, business apps, and other utilities,” the social media giant said in a report shared with The Hacker News.
Photo editing apps accounted for 42.6% of rogue apps, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). Interestingly, most of the iOS apps masqueraded as advertising management tools from Meta and its subsidiary Facebook.
Besides concealing their malicious nature behind a set of seemingly harmless apps, the operators of the scheme also published fake reviews designed to offset the negative reviews left by users who may have previously downloaded the apps.
The apps ultimately acted as a means of stealing the credentials users entered, by displaying a “Login with Facebook” prompt.
“If login credentials are stolen, an attacker could gain full access to an individual’s account, send messages to friends, and access private information,” the company said.
All the apps in question have been removed from both app stores. A list of the 402 apps (355 Android apps and 47 iOS apps) is available here.
As with any app of this kind, you should be careful before downloading it, granting it access to Facebook, and accessing the promised features. This includes scrutinizing app permissions and reviews, and verifying the authenticity of app developers.
The disclosure also comes as Meta-owned WhatsApp filed a lawsuit against three companies based in China and Taiwan, accusing them of misleading more than 1 million users into compromising their accounts with fake versions of the messaging app.