Meta warns about password-stealing cheat apps
Meta warned on Friday that a million Facebook users have downloaded or used innocent-looking mobile apps designed to steal their Facebook password.
"We'll let a million people know that they may have been exposed to these apps, that doesn't necessarily mean they've been hacked," David Agranovich, director of Meta's cybersecurity teams, said during an interview at a news conference.
Since the beginning of the year, the parent company of Facebook and Instagram has identified more than 400 "malicious" apps, available on smartphones running iOS (Apple) and Android (Google). "These apps were present on the Google Play Store and Apple's App Store and were presented as photo editing tools, games, VPNs and other services," Meta said in a statement.
Once downloaded and installed on the phone, these deceptive apps asked users to enter their Facebook credentials to use certain features.
“They are simply trying to trick people into giving up their sensitive information so hackers can access their accounts,” said David Agranovich.
David Agranovich believes that the developers of these applications were probably looking to recover other passwords, not just those for Facebook profiles. "The orientation seemed pretty undifferentiated," he noted. The goal seemed to "get as many IDs as possible."
Discussions with Apple and Google
Meta said it has shared its findings with Apple and Google.
Apple did not respond to a request from AFP, but Google said it had already removed most of the apps reported by Meta from its Play Store. "None of the apps identified in the report are yet available on Google Play," a Google spokesperson wrote to AFP.
More than 40% of the reported applications were used to edit images. Others consisted of simple tools, to transform your phone into a flashlight, for example.
David Agranovich advised users to be careful when a service asks for credentials without good reason or makes "too good to be true" promises.