Panic at Facebook: Meta has spotted more than 400 third-party applications that steal Facebook usernames and passwords by requiring users to log in with their account on the social network. One million users are affected.
Infected applications keep coming, and they all look alike. On Friday, October 7, Meta announced on the Facebook blog that it had discovered more than 400 malicious applications on the App Store and Play Store. They take many forms: games, VPNs, photo editors, fitness trackers, horoscopes, ad management tools… But, under the guise of offering incredible features, they actually steal their users' Facebook usernames and passwords. To achieve this, they use a simple but very effective method: they ask the victim to connect their Facebook account to the application in order to use it. Of course, the login page is a fake that captures the credentials. In total, according to Bloomberg, one million users were potentially affected.
Facebook account login: the right way to steal credentials
To trick their victims, the apps lure them with amazing and useful features. Photo editors offer to turn the user into a cartoon, VPNs claim to increase browsing speed or give access to blocked content or websites, and mobile games promise high-quality 3D graphics. Similarly, business or ad management apps claim to offer functions that are hidden or not permitted in the official social media apps. On paper, the promises are attractive. But to use the applications, users are required to log in to their Facebook account. They are then redirected to a fake login page that looks exactly like the real one. Once the credentials are entered, the trap closes. The scheme is all the more vicious because, to make the rogue apps even more popular, the people behind it post lots of fake reviews on the official store page to reassure users and drown out the bad ratings. Worse still, some of the apps really are functional!
Meta claims to have contacted Google and Apple, who immediately removed the apps from their stores. Of the approximately 400 detected, only 15 come from the App Store: unsurprisingly, it is the Google Play Store, as usual, that hosts the most. This is all the more worrying since applications are supposed to be checked before they are made available. Meta is in the process of contacting the people who, according to its database, are likely to have had their credentials stolen (not all of them are compromised) and is taking the opportunity to give some advice. “If an app promises something too good to be true, like new features on a platform or social network, chances are it has ulterior motives,” recalls David Agranovich, manager at Meta. Either way, it's best to check the report to see whether one of these applications has been installed and, if so, to uninstall it immediately and change your Facebook credentials, as well as those of any accounts that use the same password. Here is a sample of the infected apps:
- Video Converter
- Photo Frame PIP Collage Maker
- Ad Optimization Meta
- fortune finder
- Psychology Facts
- Cool Photo Editor
- BambooVPN
- CandlesVPN
- HD Video Player with music
- Shape Photo Editor
- Flash QRCode Scanner
- GameBooster
- Animated GIF & Stickers
- FB Advertising Optimization
- Business Manager Pages
- Tower Defense Zone – Batman Rush
Remember that, in order not to be fooled, you have to pay attention to certain details when installing an application. Typically, the developer accounts behind these apps have only one application, and the software asks for permissions it doesn't need to perform its function. Unfortunately, some still manage to slip through the cracks, so it is better not to stray too far off the beaten path and to stick to popular, well-known applications, even if this is not an absolute guarantee of security.