Meta, the parent company of Facebook, has released a statement showing the results of an investigation. This bulletin indicates, in detail, that 400 applications have put the credentials of almost a million users at risk, which can be found in both the Android and Apple stores. But there are more details which will be discussed in the following lines.
400 malicious apps compromise Facebook credentials
Facebook, through the investigation of the Meta team, revealed with this bulletin that there are many applications whose only objective is to obtain the credentials of their users. To date, more than a million Facebook accounts have been compromised. Among these applications, which can be downloaded from the Play Store and the App Store, there are VPN, photo editing, cleaning, and activity monitors, among others with different functions attractive for users.
These apps got the credentials through a request, creating an account to access all of their features. As with many applications, access through the Facebook account is very common. But by entering the credentials, cybercriminals take advantage to gain free access to each account.
Among the apps that steal the credentials are:
- Photo editors, including those to “turn a photo into a cartoon.”
- VPNs claiming to improve browsing speed and grant access to blocked content or sites.
- Functions like increasing the brightness of the phone’s flashlight.
- Mobile video games that promise high-quality 3D graphics.
- Health and lifestyle like horoscopes or fitness trackers.
- Business or ad management.
Meta once alerted Google and Apple. They reiterated:
“If login information is stolen, attackers could gain full access to a person’s account and do things like send messages to their friends or access private information.”
At the same time, all affected users are advised to report unusual activity and change their passwords immediately. They are also very adamant about turning on two-step authentication and login alerts.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Foto de Alexander Shatov en Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp