What has been found
Meta says that its security researchers have found more than 400 malicious Android and iOS apps designed to steal Facebook login information and compromise people’s accounts. The company says that these apps are disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them.
The company is also alerting people who may have “unknowingly self-compromised their accounts by downloading these apps and sharing their credentials, and are helping them to secure their accounts.”
How these apps work
Apart from displaying fun images on app stores, the developers of these apps may have published fake reviews. This helped them to cover up “negative reviews by people who have spotted the defunct or malicious nature of the apps” and trick others into downloading the malware.
When a person installs the malicious app on their device, it asks them to “Login With Facebook” in order to access the promised features. When the person enters his/ her credentials, the malware steals the username and password. This gives the attacker full access to the person’s account.
How you can stay safe
There are many legitimate apps that ask users to sign in with Facebook. However, it becomes difficult for general people to distinguish between legitimate and malicious apps. It is to be noted that malware apps often have signs that can help users to differentiate them from legitimate ones.
If an app repeatedly asks you to login with Facebook/ other credentials even before allowing you to use it, do not install it. You can also check the download count, ratings and reviews of such apps before downloading them. Check for spelling mistakes or abnormal behaviour while accessing the app.
What to do if you’re affected
In case you have downloaded a malicious app and have logged in with your social media or other online credentials, delete it from your device. Change the password and enable two-factor authentication, preferably using an Authenticator app. Turn on log-in alerts so you’ll be notified if someone is trying to access your account.
!(function(f, b, e, v, n, t, s) {
window.TimesApps = window.TimesApps || {};
const { TimesApps } = window;
TimesApps.loadFBEvents = function() {
(function(f, b, e, v, n, t, s) {
if (f.fbq) return;
n = f.fbq = function() {
n.callMethod ? n.callMethod(…arguments) : n.queue.push(arguments);
};
if (!f._fbq) f._fbq = n;
n.push = n;
n.loaded = !0;
n.version = ‘2.0’;
n.queue = [];
t = b.createElement(e);
t.async = !0;
t.src = v;
s = b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t, s);
})(f, b, e, v, n, t, s);
fbq(‘init’, ‘593671331875494’);
fbq(‘track’, ‘PageView’);
};
})(
window,
document,
‘script’,
‘https://connect.facebook.net/en_US/fbevents.js’,
);if(typeof window !== ‘undefined’) {
window.TimesApps = window.TimesApps || {};
const { TimesApps } = window;
TimesApps.loadScriptsOnceAdsReady = () => {
var scripts = [
‘https://static.clmbtech.com/ad/commons/js/2658/toi/colombia_v2.js’ ,
‘https://www.googletagmanager.com/gtag/js?id=AW-877820074’,
‘https://imasdk.googleapis.com/js/sdkloader/ima3.js’,
‘https://tvid.in/sdk/loader.js’,
‘https://timesofindia.indiatimes.com/video_comscore_api/version-3.cms’,
‘https://timesofindia.indiatimes.com/grxpushnotification_js/minify-1,version-1.cms’,
‘https://connect.facebook.net/en_US/sdk.js#version=v10.0&xfbml=true’,
‘https://timesofindia.indiatimes.com/locateservice_js/minify-1,version-14.cms’
];
scripts.forEach(function(url) {
let script = document.createElement(‘script’);
script.type=”text/javascript”;
if(!false && !false && !false && url.indexOf(‘colombia_v2’)!== -1){
script.src = url;
} else if (!false && !false && !false && url.indexOf(‘sdkloader’)!== -1) {
script.src = url;
} else if (!false && !false && (url.indexOf(‘tvid.in/sdk’) !== -1 || url.indexOf(‘connect.facebook.net’) !== -1 || url.indexOf(‘locateservice_js’) !== -1 )) {
script.src = url;
} else if (url.indexOf(‘colombia_v2’)== -1 && url.indexOf(‘sdkloader’)== -1 && url.indexOf(‘tvid.in/sdk’)== -1 && url.indexOf(‘connect.facebook.net’) == -1){
script.src = url;
}
script.async = true;
document.body.appendChild(script);
});
}
}
More News
OnePlus Nord CE 4 to launch in India on April 1: Here’s what the smartphone will offer – Times of India
Xiaomi 14 series is now available in India: Sale, pre-booking and more – Times of India
Kiren Rijiju: Why Earth Sciences minister Rijiju is upset with this European IT company | – Times of India