A million Facebook users were alerted by Meta on Friday that they had been “exposed” to seemingly innocent smartphone applications that were actually spying on their login information for the social network.
Director of threat disruption David Agranovich revealed during a briefing that Meta has so far this year uncovered more than 400 “malicious” apps made for smartphones running Apple or Android operating systems and accessible from the Apple and Google app stores.
In order to trick people into downloading them, these apps were mislabeled as photo editors, games, VPN services, business apps, and other utilities and listed on the Google Play Store and Apple’s App Store, according to a blog post by Meta.
According to Meta’s security team, the apps frequently request Facebook login information from users in order to access promised features, and if these details are entered, they steal users’ usernames and passwords.
The apps, according to Agranovich, are only intended to deceive users into providing login information that will allow hackers access to their accounts.
“We will alert one million users that while they may have come into contact with these applications, it does not necessarily mean they have been compromised.”
Seemingly simple apps, such as one for using a smartphone as a flashlight, made up more than 40% of the apps Meta listed.
The developers of these malicious apps, according to Agranovich, “seem to try to target multiple services,” adding that they are probably after passwords for more than just Facebook accounts.
The aim was to get people all over the world to download the applications in an effort to obtain as many login credentials as possible. “The targeting here seemed to be relatively indiscriminate.”
According to Meta, it communicated its findings to Google and Apple, both of which have vetting and control over what is available in their respective app stores.
When asked if it had taken any action against the apps Meta identified as malicious, Apple did not respond.
Google, however, claimed that most of the apps Meta flagged had already been found and taken down from the Play Store by its own screening processes.
According to a spokesperson, “all of the apps mentioned in the report are no longer available on Google Play.”
Google Play Protect, which blocks these apps on Android, offers users additional protection.