Over 400 Android and iOS apps that steal Facebook users’ login information have been found by Facebook’s parent company Meta.
Since many of these applications are available on third-party app stores, the tech giant has also published a complete list of these apps in a warning to users.
Numerous programmes have been found working on pretext of providing utilities like VPN services, photo editing capabilities, music, and other offerings. Some of them, like gaming apps, even require users to share their personal information while playing games.
Now according to Meta, the majority of such malicious apps have a false “Login With Facebook” prompt that they use to collect usernames and passwords.
It goes without saying that if the login information is taken, attackers might potentially acquire complete access to a user’s account including private messages with family, friends, and details of coworkers.
The company had previously alerted Google and Apple about the presence of malware apps on Google Play and Apple App Store, respectively, according to a blog post by David Agranovich, head of Threat Disruption, and Ryan Victory, malware identification and detection engineer at Meta.
According to the blog post, “They (Google and Apple) are also trying to provide warning users who may have unintentionally self-compromised their accounts by downloading these apps and giving their passwords, and are helping them to safeguard their accounts.”
Additionally, Meta explained that the attackers who created these apps post bogus reviews to deceive users. These apps also hide “bad evaluations left by users who have discovered the programmes’ malfunction or malevolent nature.”
In a precautionary note, Meta said users should only download programmes from legitimate app stores and research the publisher before doing so.
Meta advised users to change their passwords if their Facebook ID has been hacked. It also asked them to enable the two-factor authentication, preferably through the use of an Authenticator app such as Microsoft Authenticator or Google Authenticator.
Follow The420.in on