Meta has warned 1 million Facebook users that their account information may have been compromised by a third-party app from Apple’s or Google’s stores. In a new report, the company’s security researchers say they have identified more than 400 fraudulent apps designed to hijack a user’s Facebook account credentials in the last year.
According to the company, these apps masquerade as “fun or useful” services such as photo editing, camera apps, VPN services, horoscope apps and fitness tracking tools. Apps often require users to “log in with Facebook” before accessing promised functionality. However, these login features are nothing more than a means of stealing Facebook users’ account information. And David Agranovich, Director of Threat Destruction at Meta, said many of the apps Meta identified were barely functional.
“Many of the apps offered little or no functionality before logging in, and most did not even after consenting to log in,” Agranovich said in a briefing with reporters.
Meta found malicious apps in both Google’s Play store and Apple’s App store, though most were Android apps. Interestingly, while the malicious Android apps were mostly consumer apps such as photo filters, the 47 iOS apps were almost exclusively what Meta called “business utility” apps. With names like “Very Business Manager,” “Meta Business,” “FB Analytic,” and “Ads Business Knowledge,” these services appeared to specifically target people who use Facebook’s business tools.
Agranovich said Meta shared its findings with both Apple and Google, but said it was ultimately up to the stores to make sure the apps were removed. In the meantime, Facebook has issued a warning to the 1 million people who may have used the apps. The notification informs the user that their account information may have been compromised by an app (without naming the app) and recommends resetting their password.
12:20 PM ET Update: Both Apple and Google have confirmed that all apps identified by Meta have been removed from their respective app stores. “All apps identified in the report are no longer available on Google Play,” a Google spokesperson said in a statement. “Users are also protected by Google Play Protect, which blocks these apps on Android.”