Saturday, December 2, 2023

Over 400 Malicious Android & iOS Apps Stealing Facebook Passwords

In a recent press release from Meta Platforms, it was announced that over 400 malicious apps had been identified on both Android and iOS platforms. 

The goal of these apps was to steal login information for Facebook accounts from online users to leverage their fraudulent use of these apps. The most shocking thing is that the credentials of at least 1 million Facebook users may have been stolen by these malicious applications.

These malicious apps were listed and disguised as the following on both Apple’s App Store and Google Play Store:-

  • Photo editors
  • Games
  • VPN services
  • Business apps
  • Phone Utilities
  • Lifestyle

Malicious Apps

According to the report, among those malicious applications, there are 355 Android applications, and 47 iOS applications. It is necessary to set up an account with the Login with Facebook feature after the application has been launched, which prompts the user to create a profile.

It is possible for malware embedded in the application to steal the login credentials of a victim as soon as they enter their credentials.

In the event that a user uses the same credentials on another service, the attacker will be able to gain access to the user’s account and other accounts as well.

Both the Apple App Store and the Google Play Store have removed the apps in question from their respective stores. 

When downloading applications such as these, you should always exercise caution. Make sure you verify the access permissions before granting Facebook access to the promised functionality of the app.

Checking app permissions and reviews, as well as confirming the app developers’ legitimacy, is part of this process. Moreover, if you want the full list of 403 malicious apps then you can access them here.

Affected Individuals: What to Do?

Follow these mitigations if you believe that you have downloaded or logged in using one of these malicious applications:-

  • In the first place, you should delete the app from your device as soon as possible.
  • Create a new strong password and reset your old one.
  • If you use the same password for more than one website, be sure not to reuse it.
  • The most effective way to ensure the safety of your account is to enable two-factor authentication, preferably through an app called Authenticator. 
  • Set up a log-in alert so that when someone attempts to log into your account, you will be notified so that you can take action in time. 
  • To ensure you are aware of which devices have access to your account, be sure to review your previous sessions.

Also Read: Download Secure Web Filtering – Free E-book


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles