Facebook’s owner Meta is warning users that as many as one million users may have had their login information stolen.
As CBS News reports, Meta has warned that as many as 1 million Facebook users might have had their login information stolen. The warning comes as Meta discovered over 400 malicious Android and Apple apps that target people on the internet to steal their Facebook login information. According to the company, it has reported its findings to Google and Apple and helped potentially impacted people to learn more about how to remain safe and secure their accounts.
“We identified more than 400 malicious Android and iOS apps this year that target people across the internet to steal their Facebook login information,” Meta said in a statement.
According to the statement, Meta shared their findings with industry peers, security researchers and policymakers to help Meta improve its collective defence against the threat. Meta urged users to remain cautious when downloading a new application that requires credentials of social media account as these apps were inaccessible in third-party app stores. The company noted that these apps were listed on Google Play Store and Apple’s app store and were disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them.
In the statement, David Agranovich, Director of Threat Disruption at Meta, and Ryan Victory, Meta’s Malware Discovery and Detection Engineer, say that they have given details regarding malicious apps to their peers at Apple and Google and these apps have been taken down from both app stores. David Agranovich and Ryan Victory further stated that they have alerted people who might have unknowingly “self-compromised their accounts” by downloading these apps and sharing their credentials. It warned that if the login information is stolen, attackers could potentially access a person’s account and perform various activities like messaging your friends. It advised people to delete the app from their device if they downloaded the malicious app and have logged in with social media credentials. The company has also released steps that they need to consider before logging into a mobile app with their Facebook account.
“Malicious developers create malware apps disguised as apps with fun or useful functionality — like cartoon image editors or music players and publish them on mobile app stores. To cover up negative reviews by people who have spotted the defunct or malicious nature of the apps, developers may publish fake reviews to trick others into downloading the malware,” David Agranovich and Ryan Victory said in a statement.
A Meta spokesperson said the company is reaching out to the users who may be at risk. Google has already removed those apps from the Google Play store.
—
Photo Credit: pixinoo / Shutterstock.com