October 7, 2022, 19:29 PM
Meta warned on Friday that one million Facebook users had downloaded or used mobile applications that appeared innocuous but were designed to steal their passwords for the social network.
“We are going to inform a million people who could have been exposed to these applications – which does not necessarily mean that they have been pirated,” David Agranovich, a director of Meta’s cybersecurity teams, said during a press conference.
Since the beginning of the year, Meta, the parent company of Facebook and Instagram, has identified more than 400 “malicious” applications available for smartphones running iOS (Apple) and Android (Google).
“These applications were present in the Google Play Store and the Apple App Store and posed as photo editing tools, gaming tools, VPN tools, and other services,” Meta specified in a statement.
Once downloaded and installed on the phone, these apps asked users for their Facebook credentials in order to use some features.
“They tried to entice people to give their confidential information to allow hackers to access their accounts,” summed up Agranovich, who estimates that the developers of these applications were probably looking to recover other passwords, not just those of Facebook.
“The targeting seemed to be relatively indiscriminate,” he noted. It was about “getting as many” passwords “as possible.”
Meta stated that it has shared its findings with Apple and Google.
Apple told AFP that only 45 of the 400 apps identified by Meta were available on its operating system, and that the company had removed them from the App Store.
Google, for its part, indicated that it had removed most of the reported applications from its Play Store.
“None of the apps identified in the report are still available on Google Play,” a Google spokesperson wrote to AFP.
More than 40% of the identified applications were used to edit images. Others were simple tools, for example to turn a cell phone into a flashlight.
Agranovich advised users to be careful when an app asks for passwords without a valid reason or makes promises “too good to be true.”