A harsh warning made Meta this Friday, October 7, almost 1 million Facebook usersdue to the possibility that data and passwords have been stolen after downloading third-party applications that are in the Android and iOS stores.
In a new report, the company’s security researchers say they have identified more than 400 rogue apps designed to hijack users’ Facebook account credentials in the past year.
According to the company, the apps are disguised as “fun or useful” services, such as photo editors, camera apps, VPN services, horoscope apps, and fitness tracking tools.
Apps often require users to “sign in with Facebook” before they can access promised features. But these login features are simply a means to steal Facebook users’ account information. And Meta’s Director of Threat Interruption, David Agranovich, noted that many of the apps Meta identified were barely working.
“Many of the apps provided little or no functionality before login, and most provided no functionality even after a person agreed to login,” Agranovich said during a briefing with reporters.
It should be noted that Meta found malicious applications in both the Google Play Store and the Apple App Store, although the vast majority were Android applications. Interestingly, while the malicious Android apps were mostly consumer apps like photo filters, the 47 iOS apps were almost exclusively what Meta calls “business utility” apps. These services, with names like “Very Business Manager,” “Meta Business,” “FB Analytic,” and “Ads Business Knowledge,” appeared to be specifically targeted at people using Facebook’s business tools.