In a new report, Meta warned users that over 400 apps have been targeting Facebook login information, saying they’re run by “cybercriminals.”
The social media giant said it reported the apps to Google and Apple for the theft of users’ login info, but did not specify how it was made aware of the thefts or if anything happened to users’ accounts after credentials were taken. In an interview, Meta’s Director of Threat Disruption David Agranovich told the Daily Dot that the applications are reported on a case-by-case basis, but that Meta has no control over whether the applications are removed from the app stores.
“We try to share that information as close to our discovery as possible,” he said. “So over the course of these investigations, in the past weeks and months, we’ve been flagging these applications to partners in the industry.”
The apps are “disguised as things like photo editors, mobile games, and health and lifestyle trackers,” Meta said in the report, and apps usually provide “little-to-no functionality before you log in, and most provide no functionality even after.”
The report claims hackers have created fake apps that say they have unique features and bump them up with fake five-star reviews in order to trick users into downloading them.
Meta said that there’s no reason to be skeptical of all apps that require a Facebook login, but it’s asking users to “be suspicious” of any app where it doesn’t make sense to enter a Facebook login, such as a photo editing or music app. The report also asks users to be skeptical of apps promising “too good to be true” features, like unreleased software or hacks for other applications.
The company said it is in the process of helping people whose logins were affected and compromised and will be sending out alerts to people with stolen logins.
“This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” the report said.
Of all the malicious apps Meta reported, almost half are masquerading as photo editing apps, while 15 percent claim to be business apps, according to the report. The report claims that if login information is stolen, attackers could “potentially gain full access to a person’s account and do things like message their friends or access private information” from their Facebook profile.
Agranovich said there wasn’t any specific instance of a compromised account being used for spam, but that Meta wanted to release the report and notify users before more accounts were compromised.
Meta recommends that users with compromised accounts delete the app immediately and reset their passwords to protect their accounts. It also said users should implement two-factor authentication and turn on login alerts so they are notified if someone attempts to log in to their account.
Agranovich said a notification to reset passwords and practice better cybersecurity hygiene would be sent out to about one million people, though he doesn’t believe one million people’s logins were compromised.
“There are some things that might happen on an account that might look suspicious,” he said. “You can imagine things that might send you a ‘Did you log in here, was this new?’ type thing. That type of signal among others can help us identify if an account might be at risk.”
The report comes the day after researchers discovered new malware affecting Android devices that allows hackers to record audio and various login data.