Trapped apps steal Facebook passwords

Spread the love

Trapped apps steal Facebook passwords

Applications ask Internet users to enter their Facebook identifiers in order to collect their data.

Meta revealed on Friday that one million Facebook users have downloaded or used innocent-looking mobile apps designed to steal their social network access password.

We're going to notify a million people that they may have been exposed to these apps – that doesn't necessarily mean they were hacked, said David Agranovich, a director Meta cybersecurity teams, during a press conference.

Since the beginning of the year, the parent company of Facebook and Instagram has identified more than 400 malicious applications, available on iOS (Apple) and Android (Google) smartphones.

“These apps were present on the Google Play Store and Apple's App Store and posed as photo editing tools , games, virtual private networks and other services.

— A spokesperson for Meta

Once downloaded and installed on the phone, these booby-trapped apps asked people to enter their Facebook credentials in order to use certain features.

They simply try to trick people into people to give their confidential information to allow hackers to access their accounts, summarized David Agranovich.

He believes that the developers of these applications were probably seeking to recover from #x27;other passwords, not just Facebook profile passwords.

The targeting seemed fairly undifferentiated, he noted. The goal seemed to get as many IDs as possible.

Meta said it shared its findings with Apple and Google.

Apple did not respond to a request from AFP, but Google said it had already removed most of the apps reported by Meta from its Play Store.

“None of the apps identified in the report are yet available on Google Play.

— Google Spokesperson

More than 40% of reported apps were used to edit images. Others were simple tools, like turning your phone into a flashlight.

The director of Meta's cybersecurity teams advised users to be suspicious when a service asks for credentials for no good reason or makes promises that are too good to be true.

Previous Article
Next Article