Meta announced that 1 million users have downloaded apps designed to steal their Facebook passwords

META warned on Friday, October 7, that one million Facebook users have downloaded or used innocent-looking mobile apps designed to steal their password to access the social network. This does not necessarily mean that they have been hacked.David Agranovic, Meta’s Director of Cyber ​​Security Teams, announced during a press conference.

since the beginning of the year, The parent company of Facebook and Instagram Select more than 400 apps “Harmful”. These apps were on the Google Play Store [Android] and the Apple App Store [iOS] They disguise themselves as photo-editing tools, games, VPNs, and other services.”detailed definition in the file communication.

Undifferentiated targeting

Once downloaded and installed on the phone, these booby-trapped apps required users to enter their Facebook credentials in order to use certain features. “They’re just trying to trick people into giving up their confidential information to give hackers access to their account.”summarized by David Agranovich.

It is believed that the developers of these apps were most likely looking to recover other passwords, not just those of Facebook profiles. “Targeting seemed completely undifferentiated”Don is. The goal looked “to get as many identifiers as possible”.

Meta said she shared her findings with Apple and Google. Apple did not respond to a request from Agence France-Presse (AFP), but Google responded that it had already removed most of the apps reported by Meta from its Play Store. “None of the apps identified in the report are available on Google Play yet”a Google spokesperson wrote to AFP.

More than 40% of the reported apps were used for photo editing. Others consisted of simple tools, for example to turn his phone into a flashlight. Mita said she will share tips with potential victims on how to avoid getting caught “penetrate again” Learn how to better detect problematic apps that steal credentials, whether for Facebook or other accounts. However, David Agranovich advised users to beware of a service that asks for credentials without good reason or makes promises “Too good to be true”.