Meta IDs Over 400 Malicious Apps Stealing Facebook Login Information

Some big news from the social media sphere: Meta announces it has identified more than 400 malicious Android and iOS apps this year that targeted nearly a million Facebooks users, stealing their Facebook login information.

According to a Meta press release, the social media company has reported its findings to Apple and Google and is working on teaching impacted users how to protect their accounts.

What Meta found…

Meta’s security team identified over 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts.

Most of these apps were listed on the Google Play Store and Apple’s App Store disguised as photo editors, games, VPN services, business apps, and other utilities to trick users into downloading them.

Meta provides a few examples…

• Photo editor apps that claim to allow you to “turn yourself into a cartoon.”
• VPNs claiming to boost browsing speed or grant access to blocked content or websites.
• Phone utilities such as flashlight apps that claim to brighten your phone's flashlight.
• Mobile games falsely promising high-quality 3D graphics.
• Health and lifestyle apps such as horoscopes and fitness trackers.
• Business or ad management apps claiming to provide hidden or unauthorized features not found in official apps by tech platforms.

Categories (in %) of malicious apps.

How do these apps work?

Malicious developers create malware apps disguised as games, or "useful" technology, and publish them, unnoticed, on mobile app stores. The developers may even post fake reviews of the app to cover up any negative ones.

When someone installs the malicious app, it may ask them to “Login with Facebook” before they are able to use the features the app “promises.” Once a user enters their username and login, the malware steals their credentials.

When one’s Facebook login information is stolen, attackers could potentially gain full access to a person’s Facebook account and do things like message friends or access private information.

So, how do we stay safe?

There are legitimate apps that offer the features listed above and may ask you to sign in with Facebook in a safe and secure way.

Cybercriminals know how popular these types of apps are and will often try to replicate the formatting and themes of legitimate apps to fool you.

However, malware apps often have telltale signs that differentiate them from legitimate applications.

Here are a few things to look out for:

Requiring your social media credentials before you can use the app: if the app is unusable until you provide your social media credentials, then it’s likely malware designed to steal your login information.

The app's reputation: look at how many people have downloaded the app, what the ratings are, and read through reviews, including negative ones. Do all the positive reviews sound the same? They may have been written by the same few (or single) people (person).

Promised Features: does the app provide all of the functionality it says it will, either before or after login?

Examples of malicious apps.

What to do if your information is, or might be, compromised:

Reset and create new strong passwords. (Don’t reuse old ones, and don’t use one password across multiple sites, this should go without saying.)

Enable two-factor authentication, preferably through an authenticator app, to add an extra layer of security to your account. (It’s worth noting that two-factor identification is not foolproof when using text/SMS, thus we recommend an authenticator app.)

Turn on login alerts so you’ll be notified if someone tries to log in to your account.

-

If you have any further questions, throw them in the comments section below.

Have you encountered one of these malicious apps? Let us know!

For updates, subscribe to our free newsletter!

Morristown Minute has been approved for the 2022 Local News Fund!*

Our reporters will be dedicating time and resources to investigating the roadblocks to mental health accessibility in our town.

Donate to Morristown, NJs local mental health accessibility fund today!

Scan the QR code to donate!

*The 2022 Local News Fund is a program administered by the Local Media Foundation, a 501(c)(3) organization affiliated with the Local Media Association. The program's purpose is to allow independent and family-owned news organizations to solicit tax-deductible donations from their communities for journalism projects that focus on critical local issues. Contributions to this program are tax-deductible to the full extent of U.S. law; please consult a tax advisor for details.