Meta warned on Friday that one million Facebook users have downloaded or used innocent-looking mobile apps designed to steal their social network password.
“We’re going to let a million people know they may have been exposed to these apps – it doesn’t necessarily mean they were hacked,” David Agranovich, a director of Meta’s cybersecurity teams, said at a press conference.
Since the beginning of the year, the parent company of Facebook and Instagram has identified more than 400 “malicious” applications, available on smartphones running iOS (Apple) and Android (Google).
“These apps were present on the Google Play Store and Apple’s App Store and posed as photo editing tools, games, VPNs and other services,” Meta detailed in a statement.
Once downloaded and installed on the phone, these booby-trapped apps asked users to enter their Facebook credentials in order to use certain features. “They’re just trying to trick people into giving up their confidential information so hackers can access their accounts,” summed up David Agranovich.
He believes that the developers of these applications were probably looking to obtain other passwords, not just those of Facebook profiles. “Targeting seemed pretty undifferentiated,” he noted. The goal seemed to be to “get as many IDs as possible”.
Meta said it shared its findings with Apple and Google. Google said it has already removed most apps flagged by Meta from its Play Store. “None of the apps identified in the report are yet available on Google Play,” said a Google spokesperson.
Apple, for its part, specified that only 45 of the 400 applications were on iOS and that they have already been removed from the App Store. More than 40% of the applications reported by Meta were used to edit images. Others were simple utilities, for example ones that turn a phone into a flashlight. David Agranovich advised users to be wary when a service asks for credentials for no good reason or makes “too good to be true” promises.