Meta Flags Malicious Android, iOS Apps Affecting 1M Facebook Users


Facebook is contacting about 1 million users of its platform about their account details potentially being compromised by malicious Android or iOS applications.

In a blog post on Oct. 7, Facebook’s parent company Meta said its researchers had detected 400 malicious Android and iOS apps over the past year that were designed to steal usernames and passwords belonging to Facebook users and to compromise their accounts. The poisoned apps were uploaded to Google’s and Apple’s app stores and masqueraded as legitimate games, VPN services, photo applications, and other utilities.

When users downloaded and attempted to use one of the malicious apps, it would prompt them to enter their Facebook username and password. If a user entered their credentials, attackers would gain full access to the individual’s account, private information, and their friends on the social media platform, Meta said.

“This is a highly adversarial space, and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” David Agranovich, Meta’s director of threat disruption, and Ryan Victory, malware discovery and detection engineer, wrote in the blog post.

Meta reported the apps to Apple and Google, and the researchers noted, “We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials and are helping them to secure their accounts.”

Posed as Legitimate Apps

Many of the iOS and Android apps that Meta detected on Apple’s and Google’s mobile stores purported to have some fun or useful functionality, like music players and cartoon image editors. A plurality (42%) posed as photo editors, some of which claimed they could turn a user’s photo into a cartoon.

About 15% purported to be business utilities, such as VPNs that claimed to help users access blocked content and websites or to boost their Internet browsing speeds; 14% were phone utilities, such as flashlight apps that purportedly helped brighten the phone’s flashlight. 

Mobile games accounted for about 11% of the 400 or so malicious apps that Meta’s researchers discovered. Fake reviews might have…
