Following the theft of usernames and passwords for one million users, Facebook has issued a warning. The issue is caused by security flaws in a number of iOS and Android apps.
According to Facebook, 400 malicious apps on iOS and Android targeted users in order to steal sensitive login information.
Facebook warned about fraudulent apps for Android and iOS.
Meta has informed Apple Inc. and Alphabet Inc., the respective owners of iOS and Android, about the removal of the suspicious apps from their stores.
“Cybercriminals know how popular these types of apps are, and they’ll use similar themes to mislead people and steal their accounts and information,” said David Agranovich, director of global threat disruption at Meta.
How rogue apps can harvest passwords and usernames
To conceal their harmful software, hackers presented it as games, photo editors, lifestyle services, VPN providers, business apps, and other utilities. This disguise let them deceive people into downloading the apps.
The company warned that compromised login credentials might give hackers complete access to a victim’s friends and private accounts.
Most of the iOS apps were disguised as tools for managing advertisements for Meta and its Facebook affiliate.
Evidently, the scheme’s operators also posted fictitious reviews to counteract any unfavourable comments made by app users.
The announcement comes as Meta-owned WhatsApp is suing three Chinese and Taiwanese businesses for allegedly misleading over a million users into compromising their own accounts. They are accused of doing so by distributing “bogus copies” of the chat software.
It is crucial to use caution before downloading an app and giving it Facebook access in order to obtain its claimed functionality. This means carefully examining app reviews and permissions as well as confirming the legitimacy of the app developers.