Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Meta Warns of Password Stealing Phone Apps

Meta warned a million Facebook users Friday that they have been “exposed” to seemingly innocuous smartphone applications designed to steal passwords to the social network.

Meta warned a million Facebook users Friday that they have been “exposed” to seemingly innocuous smartphone applications designed to steal passwords to the social network.

So far this year, Meta has identified more than 400 “malicious” apps tailored for smartphones powered by Apple or Android software and available at the Apple and Google app stores, director of threat disruption David Agranovich said during a briefing.

“These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them,” Meta said in a blog post.

The apps often ask people to login with their Facebook account information to use promised features, stealing usernames and passwords if entered, according to Meta’s security team.

“They are just trying to trick people into entering in their login information in a way that enables hackers to access their accounts,” Agranovich said of the apps.

“We will notify one million users that they may have been exposed to these applications; that is not to say they have been compromised.”

More than 40 percent of the apps Meta listed involved ways to edit or manipulate images, and some were as seemingly simple as using smartphones as flashlights.

“Our sense is these types of malicious app developers try to target multiple services,” Agranovich said, noting the app creators are likely after passwords to more than just Facebook accounts.

Advertisement. Scroll to continue reading.

“The targeting here seemed to be relatively indiscriminate — get people to download the applications around the world in an attempt to get access to as many login credentials as possible.”

Meta said that it shared what it discovered with Apple and Google, who control what is offered at their respective app shops and each vet offerings.

Apple did not respond to questions regarding whether it took action against any of the apps Meta deemed malicious.

But Google said that most of the apps Meta flagged had already been identified and removed from the Play store by its own vetting systems.

“All of the apps identified in the report are no longer available on Google Play,” a spokesperson told AFP.

“Users are also protected by Google Play Protect, which blocks these apps on Android.”

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.