Meta (formerly Facebook) has warned that, according to its research, up to one million users may have had their Facebook accounts compromised. In a press release, the company states that it has identified as many as 400 malicious apps for Google’s Android and Apple’s iOS operating systems that were designed to steal the log-in information of Facebook users. Most of these malicious apps posed as photo editors, games, VPNs, health trackers, and utility apps such as torchlight apps, among others, to trick users into downloading them. Once an app is downloaded, the user is asked to log in with their Facebook account, which enables hackers to steal the log-in information.
Following the discovery, Meta reached out to both Google and Apple, and the malicious apps have been taken down from both app stores. Hackers embed malware in apps that let you “cartoonize” yourself or find out “which celebrity you look like”, and in apps that promise useful functionality such as a “torchlight range extender”, and publish them to the app stores. They also publish fake reviews and neutralize any negative reviews by people who have spotted the malicious nature of the apps. The report says this leak includes millions of files containing information such as usernames, phone numbers, marital status, locations, birth dates, email addresses and, in some cases, complete bios.
The release outlines what these malicious apps may look like. The majority are photo editors that claim to turn you into a cartoon and VPNs purporting to boost browsing speed or grant access to blocked content or websites. In other cases, the malicious apps are presented as apps that claim to brighten your mobile device’s torch, or as mobile games that claim to somehow “boost” the gameplay into high-quality 3D graphics. Meta has also warned users to exercise caution when downloading health and lifestyle apps such as horoscopes and fitness trackers, as these often require your date of birth and access to your location, which makes the hacker’s job easy.
Meta has also reached out to its users, warning them of the potential compromise, and has published a list of the malicious apps it found. The company has urged its users to enable two-factor authentication, preferably using an authenticator app, to add an extra layer of security. It is also wise to use a separate password for each account rather than sharing passwords across social media. Users can also turn on log-in alerts so that they are notified if someone tries to gain unauthorized access.
- Malware Apps May Have Stolen The Passwords Of 1 Million Facebook Users, Meta Says – Forbes
Meta Warns Users of Password Stealing Apps [Video]
Video uploaded by Bloomberg Technology on October 7, 2022