Security researchers at Meta identified more than 400 malicious programs in the App Store. These applications were able to steal the credentials of Facebook users. The programs are available on both Android and iOS and are published as VPNs, photo editors, games, business apps and other titles such as fortune-telling apps. However, the vast majority of these apps were found in the Google Play Store.
The company did not mention the number of people whose user information was stolen, but some sources claim that this problem may have affected 1 million Facebook users. David Agranovich, the director of Meta’s Security Threats Unit, noted: “Many of the above applications had limited or even useless functionality before the user entered their account. This was sometimes true even after the user agreed with the login.”
These programs asked users to log in using their Facebook account information. Logging in this way is a standard method of entering some programs and services. As a result, the malicious programs managed to steal the login information of Facebook users’ accounts.
When an attacker gains access to people’s user accounts with this method, they can potentially obtain all the private information on the user’s Facebook profile. The attacker can even message the user’s Messenger contacts and send them links related to malicious programs.
Meta sent the list of malicious programs to Apple and Google, and they removed these programs from their app stores. Facebook also uses its application to warn users who may be at risk and help them secure their accounts.
Malware category published by Meta
How to stay safe?
Meta has pointed out several things to check before logging in to a program with Facebook account information:
- Is the program unusable unless you log in with a Facebook account?
- Is this app legitimate?
- Review the number of times the program has been downloaded, along with its ratings and user comments.
- Does the app deliver the promised functionality before or after logging in?
Another way to stay safe is to avoid logging in with Facebook account information. Using an Apple account and the “Sign in With Apple” option is considered a safer solution, although this feature is not provided in all programs. Logging in with an old email address and a strong password generated by a password management tool such as iCloud Keychain will be more secure than the Facebook-based method and will better protect users’ privacy.