According to a statement released by Meta Platforms, around 1 million Facebook users may have had their account credentials stolen. The company asserts that a security issue in programs downloaded from Apple’s and Alphabet’s app stores is to blame for this.
The company disclosed on Friday that it has discovered more than 400 fraudulent Android and iOS apps made to steal users’ login information. According to Meta, it alerted Google and Apple to the issue and requested that the apps be taken down from their stores.
Facebook claims that these apps were successful in deceiving users into installing malware by passing for trustworthy applications like photo editors, mobile games, or health monitors.
For instance, if a person downloaded one of these harmful programs, a standard con would start. Because it would be useless without them, the program would deceive the user into providing their Facebook credentials. The finished image might then be shared on social networking sites like Facebook. Unfortunately, they gave the app’s designer access to their account by doing so.
According to David Agranovich, head of global threat disruption at Meta, cybercriminals “know how popular these apps are and will employ similar themes to deceive customers and steal their accounts and information.” If an app states that it has features for a different platform or social media site that has not yet been made public, it should raise a red signal.
With future victims, Meta said it will offer advice on how to avoid being “re-compromised” by learning how to spot dubious applications that collect credentials, whether for Facebook or other accounts.