AFP, published on Friday, October 07, 2022 at 9:26 p.m.
Meta warned on Friday that one million Facebook users have downloaded or used innocent-looking mobile apps designed to steal their social network password.
“We’re going to let a million people know that they may have been exposed to these apps – that doesn’t necessarily mean they were hacked,” David Agranovich, a director of Meta’s cybersecurity teams, said during a press conference.
Since the beginning of the year, the parent company of Facebook and Instagram has identified more than 400 “malicious” applications, available on smartphones running iOS (Apple) and Android (Google).
“These apps were present on the Google Play Store and Apple’s App Store and posed as photo editing tools, games, VPNs and other services,” Meta said in a statement.
Once downloaded and installed on the phone, these booby-trapped apps asked users to enter their Facebook credentials in order to use certain features.
“They’re just trying to trick people into giving up their confidential information to give hackers access to their accounts,” said David Agranovich.
He believes that the developers of these applications were probably looking to harvest other passwords, not just those of Facebook profiles.
“Targeting seemed pretty undifferentiated,” he noted. The goal seemed to be to “get as many IDs as possible”.
Meta said it shared its findings with Apple and Google.
Google said it has already removed most apps flagged by Meta from its Play Store.
“None of the apps identified in the report are still available on Google Play,” a Google spokesperson wrote to AFP.
Apple, for its part, told AFP that only 45 of the 400 applications were on iOS and that they have already been removed from the App Store.
More than 40% of apps reported by Meta were for editing images. Others were simple utilities, for example to turn a phone into a flashlight.
David Agranovich advised users to be wary when a service asks for credentials for no good reason or makes “too good to be true” promises.