Date: 2022-10-10

Meta warned this Friday (7th) that one million Facebook users downloaded or used applications that appear to be harmless at first but were created to steal their passwords for the social network.

“We’re going to let a million people know that they may have been exposed to these apps, which doesn’t necessarily mean they’ve been hacked,” David Agranovich, director of Meta’s cybersecurity team, told a news conference.

Meta, the parent company of Facebook and Instagram, has identified more than 400 malicious apps since the beginning of the year. They are available for smartphones running Apple's and Google's operating systems, iOS and Android respectively.

“These apps were present on the Google Play Store and Apple’s App Store, and impersonated photo editing tools, games, VPN and other services,” Meta specified in a statement.

How malicious apps work

Once installed on the phone, these apps would ask Facebook users for their credentials to use the features.

“They tried to encourage people’s confidential information to be given out to allow hackers to access their accounts,” summarized Agranovich, who assessed that the developers of these applications were looking for other passwords as well, not just those for Facebook.

“The aim seemed to be relatively indiscriminate,” he pointed out. It was about “getting as many passwords as possible.”

The company said it shared its findings with Apple and Google.

Answers from Apple and Google

Apple told AFP that only 45 of the 400 apps identified by Meta were available on its operating system, and that the company removed them from the App Store.

Google, for its part, indicated that it has already removed most of the reported apps from its online store. “None of the apps identified in the report are available on Google Play,” a Google spokesperson wrote to AFP.

More than 40% of the identified applications were for photo editing. Others were simple tools, such as one that turns a cell phone into a flashlight.

Agranovich recommended that users be careful when an app asks for passwords for no valid reason or makes a “too good to be true” promise.