The company plans to alert 1 million Facebook users that their account credentials may have been compromised by malicious software.
Google have struggled for years to keep malicious apps out of their official mobile app stores and away from users' phones. Simple programs like flashlight apps, photo editing tools, and games can mask efforts to grab user data, authorize rogue charges, or steal login credentials to a legitimate service. Today, Meta said it has found and reported more than 400 apps this year in official app stores that were set up to steal victims' Facebook credentials.
“It's a highly adversarial space, and some of these apps manage to evade detection,” says David Agranovich, Meta's director of threat disruption. “Flashlight apps, photo editors, mobile games. There are many legitimate applications on the Apple and Google stores, but cybercriminals know how popular these types of apps are and use that to their advantage. We want to deter threat actors and keep people safe.
Google says that the Android apps Meta identified have all been taken down from Google Play and that the company had independently caught and removed many of them throughout the year before Meta's disclosures.