Facebook has identified over 400 malware apps that appear to have captured more than a million usernames and passwords. To counteract the attacks, the company has now shared its findings with Google and Apple.  

Over 400 apps have apparently secretly stolen the data of around a million Facebook users. The company announced this in an official blog post.

“We have identified more than 400 malicious Android and iOS apps this year that target Internet users to steal their Facebook credentials.” (Facebook)

According to the post, the applications are available in the Apple and Google app stores and are aimed at compromising users' Facebook accounts. The malware was designed by third parties to appear “fun” or “useful” to users. To use the app, users had to log in with their social media account.

If the fraudsters manage to get the user to log in, they gain full access to the person's account as well as to those pages and groups on Facebook where the victim has admin rights. They can also send messages to the victim's friends and access private information.

According to various media reports, around a million Facebook users have submitted their usernames and passwords to malicious apps through this nasty scam.

Examples of malware applications that do not work until you are logged in with your social media account

Screenshot: Meta

Facebook writes:

Our security researchers found more than 400 malicious Android and iOS apps this year designed to steal Facebook credentials and compromise people's accounts. These apps have been listed in the Google Play Store and the Apple App Store as

  • photo editing programs,
  • games,
  • VPN services,
  • business apps and
  • other utilities disguised to trick users into downloading them.

Here are some examples:

  • Photo editing programs, including those that claim they can turn you into a caricature
  • VPNs that claim to increase browsing speeds or provide access to blocked content or websites
  • Cell phone utilities like flashlight apps that claim to make your phone's flashlight brighter
  • Mobile games that falsely promise high-quality 3D graphics
  • Health and lifestyle apps such as horoscopes and fitness trackers
  • Business or ad management apps that claim to provide hidden or unauthorized features not found in official apps from technology platforms

Facebook itself sends affected users a security notice and explains how they can protect themselves from unwanted account attacks.

Tips from Facebook if you fall victim to this nasty scam:

If you believe you have downloaded a malicious app and logged in using your social media or other online services credentials, we recommend that you immediately delete the app from your device and follow the instructions below to protect your accounts:

  • Reset your passwords and create new, strong passwords. Never use this password on multiple websites.
  • To add an additional layer of security to your account, enable two-factor authentication, preferably with an authenticator app.
  • Turn on Login Alerts to be notified when someone tries to access your account. Be sure to review existing and previous sessions to ensure you know which devices have access to your account.

Sources

Facebook / Meta – Report
CNET
