The passwords of millions of Facebook users could have been exposed not thanks to malicious third-party apps, social media giant Meta has warned. The company"s security researchers have released a new report warning people about more than 400 fraudulent apps designed to steal Facebook passwords.
According to the report, these seemingly harmless apps were disguised as "fun or useful" services such as photo editors, camera apps, fitness trackers, VPN services and more. These apps included a “Sign in with Facebook” option like many other apps to make it easier for you. However, these login features were just a means to steal Facebook passwords.
Meta"s director of threat intrusions, David Agranovich, added that most of these apps have little to no native functionality. During a press briefing, he said:
"Many apps provided little or no functionality before signing in, and most didn"t even provide any functionality after someone agreed to sign in".
ALSO READ : Ramiz Raja Sure of Winning T20 World Cup With Selected Pakistan Team
These malicious apps were available on Apple"s App Store as well as the Google Play Store, but most of them were Android apps. Android apps were mostly consumer apps like photo filters, but 47 iOS apps, according to Meta, were "business utility" apps. Some of the names on the list were “Very Business Manager”, “Meta Business”, “FB Analytic”, “Ads Business Knowledge” and others.
Meta quickly shared its findings with Apple and Google, while also sending out warnings to the 1 million people who may have used the apps. The notifications informed users that their Facebook account information may have been compromised.
Apple and Google have confirmed that all these apps have been removed from their respective app stores. A Google spokesperson said in a statement:
All apps listed in the overview are no longer available on Google Play. Users are also protected by Google Play Protect, which blocks these apps on Android.