Meta notified roughly one million Facebook users about login credentials that may have been stolen. According to the social media giant, the victims downloaded malicious apps through the Apple App Store and Google Play Store, after which their login credentials were captured.
Roughly 400 rogue applications, explicitly named in a blog post, were allegedly used to capture victims’ login credentials. Meta notified Apple and Google about the apps in question. Apple told Bloomberg that 45 of the 400 apps could be downloaded through the App Store, with the remaining applications offered in the Play Store. All apps mentioned by Meta have since been removed from their respective app stores.
Almost 43 percent of the cases involved photo editing apps that supposedly allowed users to edit photos or turn themselves into a character. In many cases, users were asked to log in through Facebook for more features. In this way, criminals were able to obtain the victims’ login credentials. VPNs, games and utility apps such as flashlights are also said to be common among the malicious applications.
A Meta employee tells Bloomberg, “Cybercriminals know how popular such apps are and use similar concepts to trick people into stealing login credentials. If an app is too good to be true, for example if it promises unreleased features for other platforms or social media, chances are there is malicious intent involved.”
Examples of some applications found by Meta with fake ‘Facebook’ login buttons. Image via Meta