Meta wants to make sure that users of Facebook are aware that there are hundreds of applications available in the app stores of both Apple and Google that were designed specifically to steal login information for the Facebook app.
According to the business, it has discovered more than 400 harmful programs that have the appearance of games, picture editors, and other useful applications. Users who “may have unwittingly self-compromised their accounts by installing these applications and exchanging their credentials” are being warned about the potential consequences of their actions. According to Bloomberg, there may have been as many as a million people impacted.
In its article, Meta alleges that users were duped into installing the applications by fraudulent reviews and assurances that they would be beneficial (both common tactics for other scam apps that are trying to take your money rather than your login info).
However, when users accessed certain applications, they were required to check in with their Facebook accounts before they could do anything else. If they did, the developers may get their login information and use it without their permission.
Meta claims that it informed Google and Apple about the applications and had them removed, but the fact that they were available in the first place is still a warning indication that something is wrong.
This is particularly true with regard to Apple. The business has opposed the practice of sideloading applications onto the iPhone for many years, claiming that the capability to install applications that aren’t available via the App Store is “a cyber criminal’s greatest buddy.”
It claims that its App Review process, which is designed to examine applications before they are uploaded to the App Store, has assisted it in developing a “trusted ecosystem for millions of applications.”
Despite this, the corporation has a hard time monitoring and removing fraudulent programs from its marketplace. There have been reports that some ones of these applications are raking in millions of dollars.
To be honest, the research that Facebook compiled reveals that the issue is far more widespread on the Play Store. 355 of the applications on the list were designed just for Android, while the remaining 47 were designed specifically for iOS.
The ones designed for Android were particularly fascinating since they spanned a broad variety of genres, including games, virtual private networks (VPNs), picture editors, and horoscope applications. On the other hand, each and every one of them for the iPhone dealt with the administration of company sites or advertisements.
(This does not imply that they did not have any suspicions, but it is difficult to understand how “Very Business Manager” was able to pass Apple’s App Review process.)
The Verge reached out to both Apple and Google for a comment on the matter, but neither firm immediately responded.
A post on Facebook provides some useful red flags to keep an eye out for in relation to applications that attempt to steal your login credentials. If the program doesn’t perform what it claims it does, locks all functionality behind a password, or has a lot of (perhaps concealed) unfavorable reviews, it’s usually better to avoid it and find another app that can be trusted more.