
Meta found more than 400 malicious apps designed to steal Facebook login information in official app stores

Meta published an internal security report which found that apps designed to steal Facebook login information were prevalent in both of the big two app stores. The company says it has found over 400 malicious apps of this nature between Android and iOS, which manage to stay afloat with a combination of professional artistry and fake positive reviews to give them the appearance of legitimacy.

However, there is one dead giveaway when it comes to apps designed to steal Facebook login information; they all embed a Facebook button on their startup screens and require the victim to enter their credentials to use the app.

A group of malicious apps specifically targeting Facebook credentials has managed to evade app store security

Malicious apps seem to fly under Google and Apple’s security radar because they never install malware or keyloggers; instead, they simply ask for Facebook login information as a requirement to launch the app, and if the user provides it, the threat actor steals it. It’s not uncommon for mobile apps to have built-in Facebook functionality of some sort, but it’s unusual for them to require the user to provide credentials before the app will launch.

Meta says it reported its findings directly to Apple and Google and is reaching out to potentially affected Facebook users, and that the apps were removed before the report was published.

There is no estimate of how many users may have had their login information compromised by these malicious apps. The apps don’t seem to go after two-factor authentication (2FA), targeting users who log into Facebook with just a basic username and password. Of course, even if users have secured their accounts with 2FA, there’s nothing stopping attackers from trying the credentials on various other services to see if they’ve been reused.

The Facebook login data theft campaign appears to be well organized and covers a wide range of different application categories. The most common of these malicious apps are basic photo editors, which usually offer some tricks like turning the user’s pictures into cartoons or allowing them to layer clothes over selfies. Fake photo editors accounted for over 42% of all malicious apps that were located. Other main categories include business utilities (often promising access to features and information that other similar free apps don’t offer), phone utilities such as VoIP calls, video games, and fake VPNs. There are a small number of other types of applications such as horoscopes, personal psychological aids, media players and wallpaper collections.

Malicious apps also use several techniques to induce trust. They use basic but professional-looking art, and seem to actively post fake positive reviews in an attempt to drown out the inevitable negative reviews when users realize they don’t offer all the features and functions promised.

Meta notes that apps that ask for Facebook login information on startup should be viewed with suspicion, and recommends that users enable 2FA on their account as an extra layer of protection. It also advises reading reviews carefully for indications of malicious activity and for promised features that aren’t actually included or don’t work. The malicious apps in question apparently delivered little of the promised functionality, at best.
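The two paragraphs above describe the same evidence from opposite sides: the operators flood listings with fake positive reviews, while Meta advises reading reviews for signs of missing features and credential prompts. The script below is an added example, not code from the article or from Meta’s report, showing how a review-triage heuristic might surface both signals over a small set of constructed reviews. The review texts, timestamps, the one-hour burst window, the 0.7 Jaccard similarity threshold and the “two of three signals” rule are all assumptions chosen for illustration, not values from the page.

```python
import re
from datetime import datetime, timedelta

# Constructed sample reviews (not real app-store data). Each tuple is
# (ISO timestamp, star rating, review text). The first six mimic a burst of
# near-identical 5-star reviews; the last two are genuine-looking complaints.
SAMPLE_REVIEWS = [
    ("2022-10-01T09:00:00", 5, "Great app, turns photos into cartoons, love it"),
    ("2022-10-01T09:02:00", 5, "Great app turns photos into cartoons love it!"),
    ("2022-10-01T09:03:00", 5, "great app, turns my photos into cartoons. love it"),
    ("2022-10-01T09:05:00", 5, "Amazing cartoon effect, best photo editor"),
    ("2022-10-01T09:06:00", 5, "Amazing cartoon effect best photo editor!!"),
    ("2022-10-01T09:07:00", 5, "Best photo editor, amazing cartoon effect"),
    ("2022-10-03T18:20:00", 1, "Asks for my Facebook password before it even opens, none of the cartoon filters work"),
    ("2022-10-04T11:10:00", 1, "Scam. Wants Facebook login on first screen and then does nothing"),
]

WORD = re.compile(r"[a-z0-9]+")


def tokens(text):
    """Lower-cased alphanumeric word set, so punctuation-only edits don't hide copies."""
    return set(WORD.findall(text.lower()))


def jaccard(a, b):
    """Set similarity in [0, 1]; identical word sets score 1.0."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def five_star_burst_ratio(reviews, window=timedelta(hours=1)):
    """Largest share of ALL reviews that are 5-star and land inside one `window`.

    A handful of organic reviews spread over weeks scores low; a batch posted
    within minutes of each other scores high. The window length is an assumption.
    """
    stamps = sorted(datetime.fromisoformat(ts) for ts, rating, _ in reviews if rating == 5)
    best = 0
    for i, start in enumerate(stamps):
        in_window = sum(1 for t in stamps[i:] if t - start <= window)
        best = max(best, in_window)
    return best / len(reviews) if reviews else 0.0


def near_duplicate_ratio(reviews, threshold=0.7):
    """Share of reviews whose text is a near copy of at least one other review."""
    sets = [tokens(text) for _, _, text in reviews]
    duplicates = 0
    for i, a in enumerate(sets):
        if any(jaccard(a, b) >= threshold for j, b in enumerate(sets) if j != i):
            duplicates += 1
    return duplicates / len(reviews) if reviews else 0.0


# Phrases a user is likely to write when an app demanded their account details.
CREDENTIAL_WORDS = ("password", "login", "log in", "credentials", "facebook account")


def credential_prompt_complaints(reviews, max_rating=2):
    """Count low-rated reviews that mention being asked for login details."""
    return sum(
        1
        for _, rating, text in reviews
        if rating <= max_rating and any(w in text.lower() for w in CREDENTIAL_WORDS)
    )


def assess(reviews):
    """Combine the three heuristics; flag the listing when at least two fire."""
    burst = five_star_burst_ratio(reviews)
    dup = near_duplicate_ratio(reviews)
    complaints = credential_prompt_complaints(reviews)
    signals = {
        "five_star_burst": burst >= 0.5,            # illustrative cut-off
        "near_duplicate_text": dup >= 0.5,          # illustrative cut-off
        "credential_prompt_complaints": complaints >= 2,
    }
    return {
        "burst_ratio": burst,
        "duplicate_ratio": dup,
        "complaints": complaints,
        "signals": signals,
        "suspicious": sum(signals.values()) >= 2,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_REVIEWS))
```

On the constructed sample, six of the eight reviews are 5-star posts within seven minutes of each other and are near copies of one another, and both 1-star reviews complain about a login prompt, so all three signals fire. Real listings need tuning of the window and thresholds against known-good apps, since a legitimate launch can also produce a short burst of positive reviews; the credential-complaint signal is the one most specific to the behaviour the article describes.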

Criminals are increasingly interested in social media login information

Cybercriminals are showing renewed interest in all major social media platforms, viewing account takeovers as a relatively easy and low-risk form of cybercrime. Conventional thinking has been that these accounts are worth little unless they belong to someone famous or with a large platform, but hackers are finding creative applications for large volumes of accounts.

There are many different social login data stealing apps out there, but lately it seems that using stolen accounts (and their contact lists) to cloak legitimate adware is becoming increasingly popular. A recent scam on Facebook saw attackers take over an account and then attempt to redirect that person’s entire contact list to a URL displaying legitimate ads, from which the criminals generate revenue. Similar campaigns have been running in the app stores since 2020, including criminals building malicious apps that hijack users’ devices for similar types of ad fraud.

Cybercriminals also use stolen social media accounts to spread malware to trusted friends and followers or to run cryptocurrency scams. There is also a trade in social media accounts that have usernames that contain common words or a few characters, as these are often the oldest accounts on the platform and have a certain prestige value.
