Facebook Meta Warns 1 million Users malicious apps are stealing user info

 Over 400 malicious Android and iOS apps have been identified in 2022.  The apps which were downloaded from Google and Apple stores target Facebook to steal user login info. 

Meta said it has reported the results of its investigation to both Apple and Google. Apple Inc. and Alphabet Inc. informed Meta that those suspicious apps have been removed from their stores. 

Malicious apps after login details

David Agranovich, Director of Threat Disruption at Meta explained that the majority of the applications are advertised as having “fun or useful functionality.” But they actually have very limited features or none at all.

“Malicious developers create malware apps disguised as apps with fun or useful functionality like cartoon image editors or music players — and publish them on mobile app stores.” Agranovich urged users not to be fooled.

These downloadables include mobile games, photo editors, virtual private networks, and health trackers. The software asks users to log in with their Facebook accounts to unlock additional capabilities. Don’t take the bait!

“Many of the apps provided little to no functionality before you logged in, and most provided no functionality even after a person agreed to login,” Agranovich said at a press briefing.  

He also described this type of fraud activity as a “spray and pray.” It doesn’t target any specific countries or regions. And the fraudster is just trying to obtain as many login credentials, as possible.  

Meta sends user notifications

Facebook is sharing the details with nearly 1 million Facebook users whose accounts may have been compromised.

“Cybercriminals know how popular these types of apps are, and they’ll use similar themes to trick people and steal their accounts and information,” Agranovich noted.

 “If an app is promising something too good to be true, like unreleased features for another platform or a social media site, chances are that it has ulterior motives.”