"We're going to let a million people know that they may have been exposed to these apps - that doesn't necessarily mean they were hacked," David Agranovich, a director of Meta's cybersecurity teams, said during a press conference.

Since the beginning of the year, the parent company of Facebook and Instagram has identified more than 400 "malicious" applications, available on smartphones running iOS (Apple) and Android (Google).

"These apps were present on the Google Play Store and Apple's App Store and posed as photo editing tools, games, VPNs and other services," Meta said in a statement.

Once downloaded and installed on the phone, these booby-trapped apps asked users to enter their Facebook credentials in order to use certain features.

"They're just trying to trick people into giving up their confidential information to give hackers access to their accounts," said David Agranovich.

He believes that the developers of these applications were probably looking to obtain other passwords as well, not just those of Facebook profiles.

“Targeting seemed pretty undifferentiated,” he noted.

The goal seemed to be to "get as many IDs as possible".

Meta said it shared its findings with Apple and Google.

Google said it has already removed most apps flagged by Meta from its Play Store.

"None of the apps identified in the report are yet available on Google Play," a Google spokesperson wrote to AFP.

Apple, for its part, told AFP that only 45 of the 400 applications were on iOS and that they have already been removed from the App Store.

More than 40% of the applications reported by Meta were used to edit images.

Others were simple utilities, for example to turn a phone into a flashlight.

David Agranovich advised users to be wary when a service asks for credentials for no good reason or makes "too good to be true" promises.

© 2022 AFP