Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Meta Finds 400 Malicious Apps on both Android & iOS Store

October 13, 2022

It is no surprise to us that malicious apps exist; in fact, it is no surprise that, as mobile device security evolves, more apps will be found to be malicious. Meta’s Director of Threat Disruption, David Agranovich, and Malware Discovery and Detection Engineer, Ryan Victory, recently reported that they discovered 400 applications between the iOS and Android app stores were malicious.

The goal was to identify applications that were targeting people’s Facebook login information. The research revealed more the 400 applications available this year that were made for harvesting Facebook login information and for compromising their Facebook accounts.

They found that these malicious apps were masquerading as apps of six distinct categories: Photo Editor, Business Utility, Phone Utility, Game, VPS, and Lifestyle. The Photo Editor category made up most of the applications discovered coming in at 42.6%, with the Business Utility coming in a 15.4%, the remaining categories were all under 15%.

Meta alerted both Google and Apple of their findings, and the two companies have taken down the applications identified in Meta’s report. The article also states that “[we] are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials and are helping them secure their accounts.”

You may be wondering how this works. Perhaps you thought the app stores have safety standards set before apps are published. As to the latter, the answer is they do, but each parent company has their own verification process. As far as how malicious apps work, they are usually disguised as some sort of fun or useful application. The app developers may create fake reviews trying to boost their ratings or try to hide the negative reviews. Once downloaded, these apps will ask for a user to sign into an account. In this case these apps were asking the user to sign in with Facebook credentials to link their account to the app.

The malicious app now has the username and password for the Facebook account. This potentially allows for an attacker to gain full access to someone’s Facebook account, meaning they could message friends, post, and a lot more.

Meta’s researchers share some helpful tips on how you can protect yourself from malicious apps. Here are some others:

  1. Think about why the app needs those credentials. – does that photo editor really need your Facebook login information to function?
  2. Where did the app come from? Is it from a reputable source, does it have reviews and what do they say?
  3. If it is from a third-party app store, you should not download it.

If you think you have been affected by this problem, there are some things you can do:

  1.  Reset your passwords and make them strong.
  2. Use Multi-Factor Authentication (MFA) or two-factor authentication (2FA) when available using preferably an Authenticator app. (This adds an additional layer of security to your account, stopping most account hijacking).
  3. Enable log-in alerts. You will get notified when someone tries to login.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology