On Friday, Meta Platforms announced that it had discovered over 400 malicious apps on Android and iOS, which it said targeted online users with the goal of stealing their Facebook login credentials.
According to a report the social media giant shared with Droid Tools, “These programs were placed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to deceive consumers into downloading them.”
42.6% of the rogue apps were photo editors, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). Interestingly, a majority of the iOS apps posed as ads manager tools for Meta and its Facebook subsidiary.
The operators behind the scheme not only hid its malicious nature behind a collection of seemingly innocent apps, but also posted fake reviews to offset negative comments left by users who had previously downloaded the apps.
The apps ultimately served as a means of stealing users' login information by presenting a “Login With Facebook” prompt.
“If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information,” the company said.
Both app stores have removed all of the apps in question. The full list of 402 apps, comprising 355 Android apps and 47 iOS apps, is available to view.
As with all apps of this nature, it is crucial to use caution when downloading apps and granting them access to Facebook in exchange for the promised functionality. This means carefully examining app permissions and user reviews, and verifying the legitimacy of the app developers.
The disclosure came at the same time that Meta-owned WhatsApp sued three Chinese and Taiwanese businesses for allegedly deceiving over a million users into compromising their own accounts by distributing fake versions of the messaging software.