Forbes reports that Meta has identified that up to 1 million Facebook users had their log-in credentials targeted by 400 Android and iOS apps during the past year.
Fraudulent virtual private networks, photo editors, health and lifestyle trackers, and mobile games were among the malicious apps that sought to exfiltrate user credentials, a report from Meta revealed. Most of the malicious apps required logins from Facebook, with app developers gaining the capability to hijack usernames, passwords, and two-factor authentication codes in the background, said Meta Director of Threat Disruption David Agranovich. "Our sense here is that this wasn't kind of a specific geographically targeted thing. This was more an attempt to just get access to as many login credentials as possible," Agranovich said. Apple has already removed the 45 malicious apps identified in the report from its App Store, while Google said that many of the apps have already been made unavailable on Google Play prior to Meta's alert.