Facebook login credentials of one million users compromised through 400 malicious apps on Android, iOS: Meta

In a stunning claim, Facebook's parent company Meta has warned over one million users about potential data leaks through 400 malicious apps present in app stores of Android and iOS. Meta said that the login information of around a million users was potentially compromised through these apps.

In a blog post titled "Protecting People From Malicious Account Compromise Apps", David Agranovich, Director, Threat Disruption and Ryan Victory, Malware Discovery and Detection Engineer at Meta said that the company identified more than 400 malicious Android and iOS apps this year that target people across the internet to steal their Facebook login information. "We reported our findings to Apple and Google and are helping potentially impacted people to learn more about how to stay safe and secure their accounts," he said.

Also Read: Centre keeps GPF, CPF other government provident fund interest rates unchanged at 7.1 per cent

According to the statement, the leak took place due to malicious apps. "These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them. Some examples include Photo editors, including those that claim to allow you to “turn yourself into a cartoon, VPNs claiming to boost browsing speed or grant access to blocked content or websites, Phone utilities such as flashlight apps that claim to brighten your phone’s flashlight, Health and lifestyle apps such as horoscopes and fitness trackers etc," it said.

Meta said that malicious developers create malware apps disguised as apps with fun or useful functionality — like cartoon image editors or music players — and publish them on mobile app stores and often publish fake positive reviews to trick people.

"When a person installs the malicious app, it may ask them to 'Login With Facebook' before they are able to use its promised features. If they enter their credentials, the malware steals their username and password," said the Meta.

Facebook said that cybercriminals know how popular these types of apps are and warned users against cybercriminal's tricks.