Meta Detects 400 Malicious iOS and Android Apps To Steal Facebook Login Credentials.
Meta reported that it detects over 400 malicious applications for Android and iOS designed to steal the Facebook login information of users.
Users were prompted to “Login With Facebook” to steal their credentials.
Both app stores have removed all of the apps in question. Here are the 403 apps (356 Android and 47 iOS).
In the case of apps like these, it is always give caution before downloading them and granting access to your Facebook account to access the app’s promised functionality. App permissions and reviews are scrutinized, and the authenticity of the developers is also verified.
In addition, Meta-owned WhatsApp is suing three Chinese and Taiwanese companies for allegedly spreading bogus versions of WhatsApp that could compromise the accounts of over a million users.
What’s Facebook Describe?
- Identified over 400 malicious Android and iOS apps this year that target people across the internet to steal their Facebook login information.
- Facebook reported our findings to Apple and Google, helping potentially impacted people learn more about how to stay safe and secure their accounts.
- It included more information about these apps at the bottom of our post to enable further security research by our industry so we can improve our collective defense.
Facebook Found in their Investigation
Our security researchers have found over 400 malicious Android and iOS apps this year designed to steal Facebook login information and compromise people’s accounts. These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them.
Some examples include:
- Photo editors, including those that claim to allow you to “turn yourself into a cartoon”
- VPNs claiming to boost browsing speed or grant access to blocked content or websites
- Phone utilities such as flashlight apps that claim to brighten your phone’s flashlight
- Mobile games falsely promise high-quality 3D graphics
- Health and lifestyle apps such as horoscopes and fitness trackers
- Business or ad management apps claim to provide hidden or unauthorized features not found in official apps by tech platforms.
Requiring social media credentials to use the app:
Is the app unusable if you don’t provide your Facebook information? For example, be suspicious of a photo-editing app that needs your Facebook login and password before allowing you to use it.
Check App’s reputation:
Is the app reputable? Look at its download count, ratings, and reviews, including negative ones.
Promised features:
Does the app provide the functionality it says it will, before or after logging in?
What To Do If You Are Affected?
- Reset and create new strong passwords. Never reuse your password across multiple websites.
- Enable two-factor authentication, preferably using an Authenticator app, to add an extra security layer to your account.
- Turn on login alerts so you’ll be notified if someone is trying to access your account. Be sure to review your previous sessions to ensure you recognize which devices have access to your account.
Also, you can report malicious applications that compromise Meta accounts through our Data Abuse Bounty program. In 2021, Meta launched Facebook Protect.
