THE Goal released a list of malicious apps that steal data from Facebook users. There are more than 400 apps for Android and iOS smartphones, most of which are photo editors. The disclosure of these malicious programs comes after the company denounces the theft of 1 million WhatsApp accounts by Asian developers.
The list of malicious apps was released on Friday (7) on the official website of Goal, along with a “manual” for users to keep their accounts secure. According to the company, Google and Apple, the companies responsible for the Play Store and Apple Store, were contacted about the list before the release. People potentially affected by the apps are receiving notifications to learn how to keep their accounts and data more secure.
In addition to Google and Apple, Meta says it has released its research with cybersecurity experts and other technology companies to expand countermeasures to cyber threats.
Of the more than 400 malicious apps, the top 3 are led by photo editors, representing 42.6% of the total investigated. Next are utility apps for work (15.4%) and apps for phone features (14.1%) — such as programs that promise to clean files.
As analyzed by Meta, apps accused of stealing data promise the user “fun and useful services”, like an app that “increases the brightness of your smartphone’s flashlight” and the classic program to turn a photo into a drawing. Another thing in common in the strategy of these applications is to provide login only through social networks — through which sensitive account data is accessed.
How to protect yourself from malicious apps?
on your websitea Goal provided a brief manual on how to stay safe when using an application. The first step presented by the company is to suspect apps that force access via social network.
The user also needs “study” app evaluation. One of the strategies used by malicious programs to deceive the target is to publish several positive reviews, either to increase the app’s rating or hide negative comments. As much as it takes time to read the reviews, negative comments cannot be easily deleted by the developer. Thus, a comment stating that it is a scam or malicious app can save you.
Lastly, the Goal asks and reinforces the first step: the user needs to verify that the application provides the promised functionality before performing a login.
I used an app from the list, now what?
If you used any apps from the list — available at this link —, or logged in with a social network account in a suspicious app, the first step is to create a new password and never use it on other sites.
To keep your account even more secure, you also need to enable two-factor authentication. Opening your cell phone to log in to a website is not much of a hassle when compared to stealing data.
Another important measure to ensure your online safety is to enable login notification. Whenever your account is accessed on a new device, you will know it directly on your device or email. This functionality may also allow you to disallow unidentified access. Learn it how to see websites and apps where you used Facebook Login.