Meta Alerts Over 1 Million Facebook Users Who Installed Scam Apps

According to security researchers at Meta, the account information of over 1 million Facebook users may have been compromised by installing certain third-party apps from Apple or Google’s store (via Engadget).

Researchers claim to have identified more than 400 scammy apps designed to hijack users’ Facebook account credentials over the past year. These apps often require users to “Log In with Facebook” before they can access the promised features.

Meta says the apps are disguised as “fun or useful” services, like photo editors, camera apps, VPN services, horoscope apps, and fitness tracking tools. The company found malicious apps in both Google’s Play Store and Apple’s App Store, though the vast majority were Android apps.

“Many of the apps provided little to no functionality before you logged in, and most provided no functionality even after a person agreed to login,” said Meta’s Director of Threat Disruption David Agranovich.

While the malicious Android apps were mostly consumer apps, like photo filters, the 47 iOS apps were almost exclusively what Meta calls “business utility” apps. These services, with names like “Very Business Manager,” “Meta Business,” “FB Analytic” and “Ads Business Knowledge,” seemed to be targeted specifically at people using Facebook’s business tools.

Agranovich said that Meta shared its findings with both Apple and Google, but that it was ultimately up to the stores to ensure the apps are removed.