Nearly a million Facebook users received a warning this Friday indicating that their data and passwords may have been stolen after they downloaded third-party applications from the Android and iOS stores.
Apple and Google have battled for years to keep malicious apps out of their official stores. These range from very simple apps, such as a flashlight, to photo editors or games.
In reality, the purpose of these apps is to collect data from those who download them, as well as carry out other types of cybercrimes such as unauthorized charges or credential theft.
David Agranovich, Director, Threat Interruption, indicated that more than 400 applications that steal the credentials of Facebook users were reported in the official stores in these 12 months. Of the 400 packages reported by Meta, 45 were iOS apps.
Dangerous apps on Facebook
The company mentioned that the attack does not appear to be focused on a specific geographic group. Some examples of the malicious apps include:
- Photo editors including those that said “turn yourself into a cartoon”.
- VPNs that claim to improve your browsing speed or grant you access to blocked content or sites.
- Phone utilities, such as those that claimed to increase the brightness of the flashlight.
- Mobile video games that promised high-quality 3D graphics.
- Health and lifestyle apps like horoscopes or fitness trackers.
- Business or ad management apps that allegedly grant access to unauthorized features not found in the official apps of technology platforms.
Google mentioned that the Android apps identified by Meta have been removed from the Play Store and that it has removed others throughout the year. Apple mentioned that they do not tolerate fraudulent apps within the App Store and that those reported by Meta have been removed.
Tips for downloading apps safely
Today there are many apps for everything – instant messaging, retail, banks, social networks, publishing. However, not all are what they seem. Some are designed to steal your information.
When a person installs the malicious app, it may ask them to “log in with Facebook” before they can use the features it promises. If you enter your details, the malware steals the username and password.
If login information is stolen, attackers can gain access to the person’s account and send messages to their friends or access private information.
Here are some tips for downloading apps safely:
- Read user ratings and reviews. If there are negative comments, check the reasons and investigate the causes. Other users may have identified problems in the app that you could avoid.
- Review the permissions and data requested. Each app will request permissions depending on its function. For example, it is normal for a photo editing app to request access to your photo gallery; however, it would not be normal for it to ask for access to your microphone. If an application requests access and data that do not seem necessary for its correct operation, it is best to avoid it.
- Download from official sites. If you are going to download a banking application, for example, it is best to go to your bank's official site and let it redirect you to the official app. The same applies to messaging or retail apps. We also recommend that you pay close attention to the logo, as sometimes it can be a copy.
- Update your device. This reinforces your security: if a flaw or threat has been detected in the operating system, it is more likely to be removed when you update the device.
How to know if your account was affected?
Agranovich shared that if you think you have downloaded a malicious app and logged in with your social media account details, it is recommended that you uninstall the app from your device immediately and follow the instructions below to secure your accounts:
- Create a new strong password. Never use the same password for different services or websites.
- Activate two-factor authentication, preferably using an authenticator app, to add an additional layer of security to your account.
- Turn on login alerts to be notified if someone is trying to access your account. Be sure to review previous sessions to ensure you recognize the devices that have access to your account.