On Friday, Meta Platforms announced that it had discovered over 400 malicious apps on Android and iOS that it claimed were aimed at online users in order to steal their Facebook login credentials.
According to a study provided with The Hacker News by the social media giant, “These programs were placed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to deceive consumers into downloading them.”
Photo editors made up 42.6% of the malicious apps, followed by productivity apps (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). It’s interesting to note that the bulk of iOS apps masqueraded as tools for managing ads for Meta and its Facebook affiliate.
The malicious actors not only disguised its nefarious nature as a collection of seemingly innocent apps, but they also posted fictitious reviews in an effort to counteract any unfavorable comments made by users who may have previously downloaded the apps.
By presenting a “Login With Facebook” prompt, the apps ultimately served as a way to steal the user login information.
Both app stores have removed all of the disputed apps. You may view the list of 402 apps, which includes 355 Android apps and 47 iOS apps.
It is crucial to use caution while downloading apps and providing access to Facebook in order to get the claimed functionality, as it is with all programs of this nature. This entails carefully examining app permissions and user evaluations as well as confirming the legitimacy of the app creators.
The disclosure was made at the same time that three Chinese and Taiwanese businesses were sued by Meta-owned WhatsApp for allegedly deceiving over a million users into compromising their own accounts by disseminating fake versions of the messaging software.