Categories: General News

Protecting People From Malicious Account Compromise Apps – Meta

Meta.st0{fill:#1c2b33}.st1{clip-path:url(#SVGID_1_)}.st2{clip-path:url(#SVGID_3_)}.st3{fill:url(#SVGID_6_)}

Today, we’re sharing an update on our work against malicious mobile apps available in the official Apple and Google app stores that are designed to compromise people’s Facebook accounts. We’ve shared our findings with industry peers, security researchers and policymakers to help us improve our collective defenses against this threat. Most importantly, because these apps were accessible in third-party app stores, we’re encouraging people to be cautious when downloading a new app that asks for social media credentials and providing practical steps to help people stay safe.
Our security researchers have found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts. These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them. Some examples include:

This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores. We’ve reported these malicious apps to our peers at Apple and Google and they have been taken down from both app stores prior to this report’s publication. We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials, and are helping them to secure their accounts.

Malicious developers create malware apps disguised as apps with fun or useful functionality — like cartoon image editors or music players — and publish them on mobile app stores. 

To cover up negative reviews by people who have spotted the defunct or malicious nature of the apps, developers may publish fake reviews to trick others into downloading the malware.

When a person installs the malicious app, it may ask them to “Login With Facebook” before they are able to use its promised features. If they enter their credentials, the malware steals their username and password. 

If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information.

There are many legitimate apps that offer the features listed above or that may ask you to sign in with Facebook in a safe and secure way. Cybercriminals know how popular these types of apps are and use these themes to trick people and steal their accounts and information. 
Malware apps often have telltale signs that differentiate them from legitimate apps. Here are a few things to consider before logging into a mobile app with your Facebook account:
Here are a few examples of malware apps we found to provide no functionality until you log in with your social media account.


If you believe you’ve downloaded a malicious app and have logged in with your social media or other online credentials, we recommend that you delete the app from your device immediately and follow the following instructions to secure your accounts: 
We also encourage people to report malicious applications that compromise Meta accounts to us through our Data Abuse Bounty program.
Threat indicators are also available in CSV, TSV, and JSON formats at https://github.com/facebook/malware-detection 
Android Apps
iOS Apps 
Follow Us
© 2022 Meta
To help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. By clicking or navigating the site, you agree to allow our collection of information on and off Facebook through cookies. Learn more, including about available controls: Cookies Policy

source

InfoLair

Our primary beliefs and values include giving our readers quality material, disseminating information to encourage informed thinking, and supporting policies and ideas. We frequently curate or extract content from reliable online sources in order to uphold those ideals.

Recent Posts

Family friendly Staten Island fun all weekend: Holiday craft fair, gingerbread cookie workshop and more – SILive.com

Family friendly Staten Island fun all weekend: Holiday craft fair, gingerbread cookie workshop and more  SILive.com… Read More

15 hours ago

How to help feed those in need this Thanksgiving: What foods to donate, how to volunteer and more – ABC News

To read the full article click below: How to help feed those in need this… Read More

2 days ago

Sofia Vergara feeling sad after latest heartbreak: Source – Geo News

Sofia Vergara feeling sad after latest heartbreak: Source  Geo News Source Read More

2 days ago

Homebase in administration: What went wrong and what next? – Retail Gazette

To read the full article click below: Homebase in administration: What went wrong and what… Read More

5 days ago

Ukraine war latest: Kyiv's army 'in trouble' – with Putin's forces in 'ascendancy' – Sky News

Ukraine war latest: Kyiv's army 'in trouble' - with Putin's forces in 'ascendancy'  Sky News Source Read More

1 week ago

Princess Anne makes significant change for the first time in 50 years – GB News

Princess Anne makes significant change for the first time in 50 years  GB NewsPrincess Anne changes… Read More

1 week ago

This website uses cookies.