Cybercriminals will stop at nothing to harvest your private information, which is why they always come up with new ways to infiltrate your devices. One of these methods is disguising as legit apps, which is a common practice that’s resurfacing once again. This time around, none other than Meta discovered the campaign.
Apps that ask for Facebook logins are in the thousands, which is a normal process to access the app’s promised functionality. However, when the application is designed to steal your information, things can get very ugly in seconds.
Unfortunately, we can’t talk about trusting unknown sources here as the malicious apps are distributed on Google Play Store and the Apple Store. Yes, it happened again, and we’ll explain everything below.
The Meta Warning – Facebook Credentials at Risk
We all know how Facebook operates, and up till now, we don’t trust the platform. Well, with a history of violating its users’ privacy and what is probably one of the biggest cybersecurity breaches in history, Facebook isn’t our number 1 pick for privacy alerts.
However, this time around, the platform login credentials are at risk. The social media giant disclosed that it had identified over 400 malicious apps on Android and iOS that steal Facebook login information.
We’ve seen such campaigns in the past. Cybercriminals inject malicious apps masquerading as popular utilities to trick people into downloading them.
This campaign is no different, as it hosts photo editors, games, VPN services, and business apps. These are good disguises that can get a lot of attention.
As seen in the images above, all the apps display a “Login With Facebook” prompt that ultimately functions as a means to steal the credentials entered by users.
Here’s what Meta had to say in a statement:
“These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them.”
According to Facebook, 42.6% of the rogue apps were photo editors, 15.4% were business utilities, 14.1% were phone utilities, 11.7% were games, 4.4% were lifestyle apps, and 11.7% were VPNs.
While the majority of downloads go to photo editors, in our opinion, the most dangerous applications are Virtual Private Networks.
Why? Well, these are apps that exist to enhance a user’s privacy and security. That’s why it’s a perfect lure for cyber criminals to use on their victims.
400 is a big number for rogue applications. Fortunately, both Google Play Store and Apple Store removed the apps in question. If you think you’re one of the victims who downloaded them, make sure to check this list (355 Android and 47 iOS apps).
Malicious Practices Infiltrate Official Stores… Again!
Downloading applications from sources such as Play Store and Apple Store should be easy and secure. But as we mentioned, cybercriminals have been coming up with new innovative ways to target their victims.
Even the Stores’ security measures are not enough to fend off such attacks. From now on, when you want to download applications, make sure to exercise caution, especially when it comes to granting access to Facebook to access the promised functionality.
Finally, before you even download the apps, read the reviews. Someone might have already witnessed what the apps are all about – you can avoid this entire predicament by doing so.