Meta Platforms revealed on Friday that it has identified more than 400 malicious apps on Android and iOS that target online users with the goal of stealing their Facebook credentials.
These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them. “, the social media giant said in a report shared with The Hackers.
42.6% of apps masquerading as photo editors, followed by business gadgets (15.4%), phone gadgets (14.1%), games (11.7%), VPN ( 11.7%) and lifestyle apps (4.4%). Interestingly, the majority of iOS apps are set up as ad management tools for Meta and its Facebook subsidiary.
Besides masking its malicious nature in the form of a collection of seemingly innocuous apps, the program’s operators also publish fake reviews designed to compensate for bad reviews. negative rates left by users who may have previously downloaded the app.
Finally, the apps act as a means to steal user-entered credentials by displaying a “Sign in with Facebook” prompt.
“If credentials are stolen, attackers can gain full access to a person’s account and do things like message their friends or access information,” the company said. individual”.
All the apps mentioned have been taken down from both app stores. A list of 402 apps (355 Android apps and 47 iOS apps) can be accessed here.
As always with apps like this, you need to exercise caution before downloading apps and giving Facebook access to access the promised functionality. This includes scrutinizing the app’s permissions and reviews, and verifying the app’s developer’s authenticity.
The revelation also comes as Meta-owned WhatsApp has filed a lawsuit against three companies based in China and Taiwan for allegedly deceiving more than a million users into compromising their own accounts by analyzing mix bogus version of the messaging app.