Facebook says malicious apps are stealing login credentials

Meta is warning 1 million Facebook users that their account information may have been compromised by third-party apps from Apple or Google's stores. In a new report, the company's security researchers say that in the last year they've identified more than 400 scammy apps designed to hijack users' Facebook account credentials.

The applications are disguised as games, photo editors, and health and lifestyle services. Users were typically prompted to login into their Facebook account upon downloading the apps, which would allow the malware to steal their login information.

All the identified malware apps have since been removed from the Google Play Store and Apple App Store, and Meta said it is alerting people whose information might have been unknowingly compromised.

Both companies have struggled to police their official app stores, and each faces its own version of the same challenges. For Google, Android's open ecosystem means that users can download apps from third-party app stores beyond Google's control. This makes it even more problematic when malicious apps show up in Play, but it also gives users leeway to source apps where they want to (ideally, if they know they can trust a particular developer). The closed iOS ecosystem has far fewer threats from rogue apps outside the App Store, but as a result all users must get their apps from Apple, making it even more valuable for attackers to sneak their malicious apps in.

Read more -here-

• Mozilla updates Firefox terms again after backlash over broad data license language
• Skype is shutting down after two decades
• OpenWrt debuts "unbrickable" hacker-friendly, security-focused wireless router
• Amazon debuts new Alexa+ AI voice assistant
• Microsoft tests ad-supported Office apps for Windows users
• Google is replacing Gmail's SMS authentication with QR codes