As per the report published by Facebook parent Meta on Thursday, as many as a million Facebook users have been warned of the seemingly malicious application, they may have been exposed to. The Android and iOS malware is designed to steal passwords from social networking sites.
This year so far, Meta has detected more than 400 fraudulent applications, and structures for Apple or Android-powered smartphones. The malicious apps are apparently made available at the Play Store and App Store, says director of threat disruption, David Agranovich during a briefing.
"These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," states Meta in a Blog post.
Reportedly, the fraudulent apps ask Facebook users to log in with their account information, enticing them with certain promising features. Ultimately, stealing user passwords and other credentials, if entered.
"They are just trying to trick people into entering in their login information in a way that enables hackers to access their accounts [..] We will notify one million users that they may have been exposed to these applications; that is not to say they have been compromised," mentions Agranovich.
With regard to these activities, Meta stated that it has shared information about the malicious apps with both Apple and Google, which controls the activities of their respective app shops.
Considering this, Google said that most of the malicious apps mentioned by Meta have already been identified and removed from its Play Store by its vetting systems.
"All of the apps identified in the report are no longer available on Google Play," a spokesperson told AFP. "Users are also protected by Google Play Protect, which blocks these apps on Android."
On the other hand, Apple has yet not responded to questions about whether it took any action against the aforementioned apps.
In the blog post, Meta also alerts internet users about certain activities they may unknowingly perform, that could leverage the threat actor.
"We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials, and are helping them to secure their accounts," the blog post notes.