According to Meta Platforms Inc., it will alert around 1 million Facebook users that their account information may have been exposed as a result of security flaws with apps downloaded from Apple Inc. and Alphabet Inc.
The business revealed on Friday that it had discovered more than 400 nefarious Android and iOS apps this year that prey on internet users in an effort to steal their login credentials. In order to expedite the removal of the apps, according to Meta, it alerted both Apple and Google to the problem.
According to Facebook, the apps functioned by passing themselves off as mobile games, photo editors, or fitness trackers.
Have fun reviewing movies and drinks
Apple said 45 of the 400 problematic apps were on its App Store and have been removed. Google removed all the malicious apps in question, a spokesperson said.
“Cybercriminals know how popular these types of apps are, and they’ll use similar themes to trick people and steal their accounts and information,” said David Agranovich, director of global threat disruption at Meta. “If an app is promising something too good to be true, like unreleased features for another platform or social media site, chances are that it has ulterior motives.”
A typical scam would unfold, for example, when a user uploaded an edited photo from a malicious app to their Facebook account. A phony login prompt would appear, tricking the user into providing their username and password.
In order to prevent being “re-compromised,” Meta committed to share advice with potential victims on how to recognize unreliable apps that steal login information from Facebook or other accounts. According to Agranovich, the malicious activity took place outside of Meta systems, and not all 1 million users’ passwords were necessarily exposed.
