Meta said it would notify roughly 1 million Facebook users that their account credentials may have been compromised due to security issues with apps downloaded from Apple and Alphabet's software stores.
The company announced Friday that it identified more than
400 malicious Android and iOS apps this year that target internet users in
order to steal their login information. Meta said it informed both Apple and
Google about the issue in order to facilitate the removal of the apps.
The apps worked by disguising themselves as photo editors,
mobile games, or health trackers, Facebook said.
Apple said 45 of the 400 problematic apps were on its App
Store and have been removed. Google removed all the malicious apps in question,
a spokesperson said.
“Cybercriminals know how popular these types of apps are,
and they'll use similar themes to trick people and steal their accounts and
information,” said David Agranovich, director of global threat disruption at
Meta. “If an app is promising something too good to be true, like unreleased
features for another platform or social media site, chances are that it has
ulterior motives.”
A typical scam would unfold, for example, after a user
downloaded one of the malicious apps. The app would require a Facebook login to
work beyond basic functionality, thus tricking the user into providing their
username and password. Users could then, for example, upload an edited photo to
their Facebook account. But in the process, they unknowingly compromised their
account by giving the author of the app access
Meta said it would be sharing tips with potential victims on
how they can avoid being “re-compromised” by learning how to better spot
problematic apps that pilfer credentials, whether for Facebook or other
accounts. The malicious activity occurred off Meta systems, Agranovich said,
adding that not all 1 million people necessarily had their passwords
compromised.
0 comments:
Post a Comment