More than 400 malicious applications for Android and iOS have been discovered in a new report from Meta (opens in a new tab). Facebook credentials are stolen by users.
These apps escaped detection and feature in seemingly secure official apps, from camera editor software to VPN services. Both Apple and Google reacted to these findings, removing them from Apple''s App Store and Google''s Play Store.
Despite all this, it is evident how cybercriminals have refined their craft, developing malware applications that both more and more closely match legislation.
Even if you are securing your data using fancy VPN services, anyone might be tricked into downloading a fake tool and exposeing their information.
Apps that are fake are used to infiltrate people''s social media accounts.
In the latest study, malware apps operate in a very simple manner. As an example, asking for users'' Facebook credentials is the only option to begin using such tools, and hackers are able to steal people''s names and passwords to then enter their social media accounts.
"Our view here is that this was not a specific geographically specific topic. This was rather a attempt to just obtain as many login credentials as possible," David Agranovich, the director of threat disruption, during a press briefing, reported by Forbes (opens in a new tab).
The most afflicted (over 42%) were photo editors. These were followed by business and phone utility tools, as well as some flashlight apps for example. More than 11% were allegedly secure VPN software, claiming to help you bypass online censorship and speed up browsing speeds. Other fraudulent applications also included gaming and lifestyle services such as horoscopes and fitness trackers.
Meta claims that malicious developers might create these bogus apps with a "fun or useful function" at its core in order to attract more users.
They may publish fraudulent positive reviews to increase apps'' credibility, while attempting to conceal negative feedback, pointing out their harmful nature.
Although both Apple and Google have removed such applications from their internet stores, Agranovich has assured that Meta will be warning the one million users who had entered contact with the applications in the event their information had been compromised.