Facebook found more than 400 malicious Android and iOS apps stealing login credentials

Jimmy2x

Posts: 147   +12
Staff
What just happened? Meta recently released vulnerability information regarding several hundred malicious Android and iOS applications. All of the apps were listed in Apple and Google app stores and disguised as legitimate software. But despite their descriptions and reviews, they were designed with the end goal of stealing user information.

Both Apple and Google were alerted to the issue after Meta researchers found more than 400 malicious apps across their respective app platforms. The apps in question provided users the option to log into or access an app's additional features via their Facebook account. Once entered, the user's credentials were stolen and used to provide unauthorized access to the victim's data.

The design, implementation, and user experience guides for including Facebook login functionality in a new app are openly available for developers in Facebook's developer documentation. The login function is well known and used by legitimate apps such as Pinterest and Instagram. The illegitimate apps named in Meta's report relied on this function recognition as one of many ways to lure users into a false sense of security and legitimacy when logging in.

Meta's statement described how malicious developers exploited the popular login functionality. Once the apps were created, fake reviews would be posted to build initial credibility or bury unwanted negative reviews. Unsuspecting users would then install the applications and enter their Facebook credentials to access the app's content or connect it to their Facebook account. At this point, the app's malware would obtain the user's submitted login credentials, making all of the user's account information, photos, etc. accessible by unauthorized third parties.

The apps did what they advertised, helping to further establish their credibility as valid apps. According to Meta's findings, photo filter apps made up more than 40 percent of all identified malicious apps. The other 60 percent spanned various phone, business, gaming, VPN, and lifestyle categories.

The announcement provides readers with several questions and telltale signs that can help to identify fraudulent applications. It also provides a GitHub link where developers and security engineers can review potential threat indicators. Any affected users are advised to reset their passwords, enable two-factor authentication, and turn on logging to monitor unwanted login attempts.


 

PEnnn

Posts: 1,011   +1,361
"to log into or access an app's additional features via their Facebook account"

That's what people deserve for having a BookFace account

"Most were Android apps"

No surprise there. Tell us something we haven't heard ad nauseam before. The Android App QA gods are a bunch of lazy monkeys.
 

DSirius

Posts: 380   +801
TechSpot Elite
Those malicious apps exploited the popular login functionality of Facebook.
This means that Facebook is pissed that others steal the same data which Meta-Facebook steals first?
The solution is simple. Stop using any Meta-Facebook products and block any Facebook API.
When hackers are using Meta-Facebook apps more than normal users, it is time to move on from this rotten-spyware corporation.
 

Hodor

Posts: 436   +320
Dangerous apps - full list (at the bottom of the page):

https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/

Google is much worse than Facebook. Mass media aren't attacking FB because they are stealing data. Nope. Nobody cares about that, since everyone is stealing user data. I dare you to name any famous social network or web site which doesn't.

So, why are they attacking FB then? Because Meta didn't implement rigorous dictatorship-level censorship the way YouTube, Twitter, Google and almost everyone else did. Anything that isn't compatible with the nowadays crappy agenda is not allowed on those sites.

If FB did implement censorship as ordered, the media would say how great a web site that was. But they didn't censor their users and paradoxically that's why they are bad. It was never about stealing user data, since if that was the case, Google is the undisputed world champ of stealing user data. By far.

Free speech is a phrase that scares modern governments and certain parties. They are working hard on limiting freedom of speech and warning people about the "dangers" of freedom of speech.
 

ID10T

Posts: 39   +30
War is Peace freedom is slavery