What just happened? Meta recently published a report on several hundred malicious applications for Android and iOS. All of the apps were listed in Apple's App Store and Google Play and were disguised as legitimate software; whatever their descriptions and reviews claimed, they were built with the ultimate goal of stealing users' login information.
Apple and Google were both alerted after Meta researchers found more than 400 malicious apps on their respective app platforms. The applications offered users the option to log in, or to unlock additional features, with their Facebook account. Once the user logged in, the credentials were captured and used to gain unauthorized access to the victim's account data.
Facebook's developer documentation provides guidelines on the design, implementation and user interaction of the Facebook Login feature for apps that integrate it. The feature is well known and used by legitimate apps such as Pinterest and Instagram. The malicious apps in Meta's report relied on users recognizing this familiar login flow, one of several ways they gave users a false sense of security and legitimacy when logging in.
Meta's statement described how the attackers used the popular login feature. Once an app was created and listed, fake reviews were published to build trust or to bury negative reviews. Facebook users then installed the app and entered their Facebook credentials to access its content or to connect it to their Facebook account. At that point the app's malicious code captured the credentials the user typed, giving unauthorized third parties access to the account and everything in it, such as photos and other account data. The difference from a genuine Facebook Login integration is where the password goes: a real integration hands the app only an access token, whereas these apps presented their own login form and received the password directly.
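The distinguishing signal in the flow described above is the destination of the password. As an added example (not code from Meta's report or from the article), the following Python check runs over a captured list of HTTP requests from an app under dynamic analysis and flags any POST that carries a password together with an identity field to a host outside the Facebook family. The trusted host list, field names and all sample requests are constructed assumptions for illustration; the lookalike host check deliberately rejects domains such as `facebook.com.evil.example`.

```python
"""Flag credential-harvesting requests in a captured app traffic log.

Added example, not code from Meta's report or the article.
Assumption: a legitimate Facebook Login flow posts the user's password
only to a facebook.com-family host over HTTPS, so a password-bearing
POST to any other host from within the app is the harvesting signature.
All sample requests below are constructed.
"""
import json
from urllib.parse import parse_qs, urlsplit

# Hosts that may legitimately receive a Facebook password (assumption).
TRUSTED_SUFFIXES = ("facebook.com", "fb.com", "messenger.com", "instagram.com")
# Form/JSON field names that typically carry a password or an identity (assumption).
PASSWORD_KEYS = {"pass", "password", "passwd", "pwd", "fb_password", "fbpass"}
IDENTITY_KEYS = {"email", "username", "user", "login", "fb_email", "phone"}


def host_is_trusted(host: str) -> bool:
    """Exact or subdomain match only; 'facebook.com.evil.example' must not pass."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def extract_fields(body: str, content_type: str) -> dict:
    """Return top-level body fields for form-encoded or JSON request bodies."""
    if "json" in content_type.lower():
        try:
            data = json.loads(body)
        except ValueError:
            return {}
        return data if isinstance(data, dict) else {}
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def classify(req: dict) -> str:
    """Return 'harvest', 'suspicious' or 'ok' for one captured request."""
    if req["method"].upper() != "POST":
        return "ok"
    fields = extract_fields(req.get("body", ""), req.get("content_type", ""))
    keys = {str(k).lower() for k in fields}
    if not keys & PASSWORD_KEYS:
        return "ok"
    parts = urlsplit(req["url"])
    if host_is_trusted(parts.hostname or ""):
        # A password sent to Facebook over plain HTTP still deserves a look.
        return "suspicious" if parts.scheme != "https" else "ok"
    # Password plus an identity field to a foreign host: the harvesting signature.
    return "harvest" if keys & IDENTITY_KEYS else "suspicious"


def find_harvesting(requests: list) -> list:
    """URLs of every request classified as credential harvesting."""
    return [r["url"] for r in requests if classify(r) == "harvest"]


# Constructed capture: one genuine login, one lookalike-host exfiltration,
# one ordinary API call and one token-bearing GET.
SAMPLE_CAPTURE = [
    {"method": "POST", "url": "https://m.facebook.com/login",
     "content_type": "application/x-www-form-urlencoded",
     "body": "email=a%40b.example&pass=hunter2"},
    {"method": "POST", "url": "https://facebook.com.photo-filter-cdn.example/api/v1/auth",
     "content_type": "application/json",
     "body": '{"email": "a@b.example", "pass": "hunter2"}'},
    {"method": "POST", "url": "https://api.photo-filter.example/upload",
     "content_type": "application/json", "body": '{"image": "base64data"}'},
    {"method": "GET", "url": "https://graph.facebook.com/me?access_token=REDACTED"},
]

if __name__ == "__main__":
    for r in SAMPLE_CAPTURE:
        print(classify(r).ljust(10), r["url"])
```

Run on a real capture (for example, flows exported from an intercepting proxy while exercising the app's login screen), the "harvest" rows are the ones to report; a "suspicious" row, such as a password to a trusted host over plain HTTP, should be reviewed by hand rather than dismissed.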
The apps did what they advertised, which further built trust in them as valid apps. According to Meta, photo filter apps accounted for more than 40% of the malicious apps detected. The remaining 60 percent spanned phone utilities, business tools, games, VPNs and lifestyle apps.
The announcement offers readers several questions and warning signs that can help identify fraudulent applications, and links to a GitHub repository where developers and security engineers can review the indicators of compromise. Affected users are advised to reset their passwords, enable two-factor authentication and turn on login alerts so they are notified of unrecognized login attempts.