12.7 C

Facebook warns 1 million users whose logins were stolen by scam mobile apps



Meta is warning Facebook users about hundreds of apps on Apple and Google’s app stores that were specifically designed to steal login credentials to the social network app. The company says it’s identified over 400 malicious apps disguised as games, photo editors, and other utilities and that it’s notifying users who “may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials.” According to Bloomberg, a million users were potentially affected.

In its post, Meta says that the apps tricked people into downloading them with fake reviews and promises of useful functionality (both common tactics for other scam apps that are trying to take your money rather than your login info). But upon opening some of the apps, users were prompted to log in with Facebook before they could actually do anything — if they did, the developers were able to steal their credentials.

Meta’s breakdown of what apps pretended to be in order to steal people’s info.
Image: Meta

Meta says that it reported the apps to Google and Apple and got them taken down, but it’s still not a great look that they made it onto the stores in the first place. That’s especially true for Apple; for years, the company has argued against sideloading apps for the iPhone, saying that the ability to install apps not in the App Store is “a cyber criminal’s best friend.” It argues that its App Review process, which theoretically vets apps before they’re made available on the App Store, has helped it build a “trusted ecosystem for millions of apps.” Despite this, the company has struggled to reign in scam apps on its platform, with some reportedly raking in millions of dollars.

To be fair, Facebook’s report indicates that the issue is significantly worse on the Play Store — out of the 402 malicious apps on its list, 355 were for Android, and 47 were for iOS. Interestingly, the Android ones spanned a wide range of genres, from games, VPNs, photo editors, and horoscope apps, every single one for iPhone was related to managing business pages or ads. (This didn’t necessarily mean they weren’t reasonably suspicious; it’s hard to understand how “Very Business Manager” got past Apple’s App Review process.)

Neither Apple nor Google immediately responded to The Verge’s request for comment.

When it comes to apps that attempt to steal your login info, Meta’s post details some good warning signs to look out for — if the app doesn’t do what it says it does, locks all functionality behind a login, or has loads of (potentially buried) negative reviews, it’s probably best to give it a pass and find another, more reputable app.

Source link

Subscribe to our magazine

━ more like this

Biden pledges ‘ironclad’ support for Israel as U.S. forces join in intercepting Iran-launched drones

President Joe Biden and his national security team monitored Iran’s aerial attack against Israel on Saturday as U.S. forces joined efforts to down...

Markets flash early signs of risk from wider Mideast war as crypto prices sink after Iran launches wave of drones at Israel

Cryptocurrency prices fell Saturday evening after Iran launched a wave of drones at Israel, marking an early indication of the turmoil that could...

Police arrested four people over $300,000 of stolen Lego kits

Los Angeles citizens can rest easy knowing that a criminal theft ring is no longer stalking the city’s retail stores to feed a...

U.S. vows to support Israel’s defense as Iran launches drone attack

Iran launched drones toward Israel late Saturday, the Israeli military announced, and Iran’s state-run media reported that dozens had been fired. The Israeli army’s...

Housing is unaffordable for too many Americans, and tighter land-use regulations mean higher costs, Atlanta Fed president says

The housing affordability crisis has no easy solutions, but research has shown a tight correlation between tougher land-use regulations and higher costs, Atlanta...