Since the beginning of the year, the parent company of Facebook and Instagram has identified more than 400 “malicious” applications available on smartphones running iOS (Apple) and Android (Google).
Meta warned on Friday, October 7, that a million Facebook users have downloaded or used innocent-looking mobile applications designed to steal their password for the social network. “This does not necessarily mean that they were hacked,” said David Agranovich, director of Meta's cybersecurity teams, at a press conference.
Since the beginning of the year, the parent company of Facebook and Instagram has identified more than 400 “malicious” applications. “These apps were present on the Google Play Store [Android] and the Apple App Store [iOS] and pretended to be photo editing tools, games, VPNs and other services,” Meta said in a statement.
Undifferentiated targeting
Once downloaded and installed on the phone, these booby-trapped applications asked users to enter their Facebook login credentials in order to use certain features. “They just try to encourage people to give their confidential information to allow hackers to access their accounts,” summed up David Agranovich.
He believes that the developers of these applications were probably looking to obtain other passwords as well, not just those of Facebook profiles. “Targeting seemed quite undifferentiated,” he said. The goal seemed “to get as many identifiers as possible”.
Meta said it had shared its findings with Apple and Google. Apple did not respond to a request from Agence France-Presse (AFP), but Google replied that it had already removed most of the applications reported by Meta from its Play Store. “None of the apps identified in the report is still available on Google Play,” a Google spokesperson wrote to AFP.
More than 40% of the reported applications were used to edit images. Others were simple utilities, for example to turn the phone into a flashlight. Meta said it would share advice with potential victims on how to avoid being “compromised again” by learning to better identify problematic applications that steal login information, whether for Facebook or other accounts. David Agranovich, however, recommended that users be wary of a service that requires login credentials for no valid reason or makes promises “too beautiful to be true”.