
Facebook malicious apps warning: Who is at risk, how to stay safe

A recent incident at Meta’s Facebook left users worried as the social media giant announced earlier this week that over a million users may have had their credentials compromised. The reason behind the security lapse – malicious apps that tricked users into giving the app their login credentials under false guises.
The bigger problem around the large-scale cyber security scandal was that many of the 400 apps that were responsible were directly available on Alphabet’s Google Play Store and Apple’s App Store. These are platforms that have strict app safety standards set in place just to avoid instances like this.
What exactly happened?
A report by Bloomberg suggests that a number of malicious apps that were available on the Play Store and App Store were disguised as photo editors, mobile games and health trackers, among others. This makes it hard for most people to identify what could potentially be problematic apps since such apps are built around offering a false use-case.

What’s worse is apps like this will often work as expected, as games, editors and more, making it hard for users to even think of doubting the safety of such tools.
“Cybercriminals know how popular these types of apps are, and they’ll use similar themes to trick people and steal their accounts and information,” David Agranovich, director of global threat disruption at Meta, said.
“If an app is promising something too good to be true, like unreleased features for another platform or social media site, chances are that it has ulterior motives,” he adds.
How do such apps steal your credentials?
Malicious apps will offer to provide extra functionality/bonus features by getting users to log in with their Facebook account (or another social media account). This seemingly harmless act tricks users into opening in-app windows where they will sign in with their usernames and passwords.

Similar to how phishing or keyloggers work, once a user enters their credentials, the malicious apps may keep a record of the same and send it to remote attackers when the phone is next connected to mobile data or WiFi.
Facebook has said that not all of the roughly 1 million devices may have had their credentials compromised, but the company plans to share tips with potential victims on how they can avoid being “re-compromised” by learning to spot potentially malicious apps.
India among top countries with malware on Android devices
Malicious apps on the software stores are a big problem because of the sense of trust they give off simply by existing on platforms like the Google Play Store and Apple App Store. However, third-party apps pose an even bigger risk.
A recent report by ESET that was released earlier this week also suggested that India is among the top countries with Android malware infections. A major reason for these infections was reported to be third-party Android applications like the infamous “GB WhatsApp” client that gave users special features not found on the standard WhatsApp application.

These apps that don’t come from the official Play Store or App Store are even riskier downloads and installs because there is virtually no screening process before you download the app from a source and sideload it. Even legitimate APK files can be modified to include malicious code and reuploaded on mirror sites.
