Meta warns 1 million potential victims about stolen login details

Meta has notified roughly one million Facebook users about credentials that may have been stolen. According to Meta, the victims downloaded malicious apps from the Apple App Store and Google Play Store, after which their login details were stolen.

It would be roughly 400 malicious applications, which in a blog post explicitly mentioned, with which the login details of victims were stolen. Meta has notified Apple and Google about the apps in question. Apple says opposite Bloomberg that 45 of the 400 apps could be downloaded via the App Store, with the remaining applications being offered in the Play Store. All of the apps listed by Meta have since been removed from the respective virtual app platforms.

Nearly 43 percent of the time, these are photo editing apps that supposedly allow users to edit photos or turn themselves into a cartoon character. In many cases, you would be asked to log in via Facebook for more functionalities. In this way, criminals have obtained the victims’ credentials. Also VPNs, games and help apps such as flashlights are said to be common among the malicious applications.

A Meta employee tells Bloomberg: “Cybercriminals know how popular such apps are and use similar concepts to trick people into stealing credentials. When an app is too good to be true, such as if it has unreleased features for other platforms or social media are promised, there’s a good chance there’s malice involved.”

Examples of some applications found by Meta with fake login buttons for ‘Facebook’. Image via Meta