
Malicious third-party apps may have compromised the passwords of millions of Facebook users, according to Meta, the social media giant. In a new report, the company's security researchers say there are over 400 scam apps designed to steal Facebook passwords.

The apps appeared harmless and were disguised as “fun or useful” services such as photo editors, camera apps, fitness tracking apps, VPN services, and more. For convenience, they provided a feature that let you log in with Facebook, just like many other apps. The purpose of these login features, however, was to steal the Facebook passwords of the users who used them.


David Agranovich, a Director of Threat Disruption at Meta, explained that most of these apps cannot perform the functions they advertise and have little functionality of their own. At a press conference a few days ago, he stated the following:

Several of the apps offered little to no functionality before you signed in, and many of the apps did not provide any functionality even after you agreed to log in with your account information.

These malicious applications were hosted on both Apple’s App Store and the Google Play Store, but a majority of them were Android apps, and most of them were available on both stores. Among the 47 iOS apps appearing in Meta’s database, the vast majority are business applications, while the Android apps, according to Meta, are mostly consumer apps, such as photo filters. Names on the list include “Very Business Manager”, “Meta Business”, “FB Analytic”, “Ads Business Knowledge”, and more.

Upon discovering the apps, Meta immediately shared its findings with Apple and Google and sent warnings to 1 million users to alert them that they may have used one of the apps. The notifications told users that the information associated with their Facebook accounts may have been compromised.

Apple and Google have confirmed that all of these apps have been removed from their respective app stores. According to a statement released by a Google spokesperson:


There are no longer any apps available for download on Google Play that were identified in the report. Android users are also protected by Google Play Protect, an app-blocking service accessible via the Google Play Store.