It has been difficult for Apple and Google to keep malicious apps out of their official app stores. Simple programs like flashlight apps, photo editing tools, and games can be used to mask attempts to grab user data, authorize rogue charges, or steal login credentials. This year, Meta has found and reported more than 400 apps that were set up to steal victims' Facebook credentials.
One million users will be notified that they may have been exposed to a rogue application. Meta researchers say they are being cautious because they have limited visibility beyond their own platform into exactly what happened with each user; the notification doesn't mean all of those users had their Facebook accounts compromised. 45 of the 400 programs were for the iPad. According to the company, the activity didn't seem to be targeting a specific geographic region or group of people.
David Agranovich is the director of threat disruption at Meta. There are mobile games and flashlight apps. Cybercriminals know how popular certain types of apps are and use that to their advantage. We want to make people safer.
The company's other popular platforms were not targeted by this group of 400 applications. The company tracks threats from similar apps that steal credentials.
Some malicious apps still slip through the cracks, even though both the App Store and the Play Store have their own vetting systems. Credential theft is a focus of these rogue apps, and attackers often craft their ploys to take over high-value accounts like Facebook profiles, which both contain a lot of data themselves and are used as single sign-on platforms to log in to other services. Almost half of the apps were flagged as photo editing services. Some claimed to be business utilities. The remaining categories were phone utilities, games, and lifestyle.
According to the company, many of the apps that were identified by Meta have been taken down from the Play Store.
Apple says that it doesn't tolerate fraudulent or malicious apps in the App Store and that 45 of them have already been removed.
Both companies face the same challenges when it comes to policing their official app stores. Users can download third-party apps from third-party app stores, even if they don't want to, thanks to the open ecosystems of the two major operating systems. It's more problematic when malicious apps show up in Play, but it also gives users more freedom to source apps where they want. It's even more valuable for attackers to sneak their malicious apps in because all users need to get their apps from Apple.