Meta says it identified 400 malicious Android and iOS apps trying to steal Facebook credentials.
Meta identifies over 400 mobile apps designed to steal Facebook credentials
The malicious apps include photo editors and VPNs that claim to increase browsing speed or grant access to blocked content or websites. There are also mobile games, health and lifestyle apps, business or ad management apps, and phone utilities like flashlight-boosting apps.
Apps pose a threat to businesses
Meta says it is helping potentially affected individuals learn more about staying safe and protecting their accounts, and businesses need to do the same. Hacks can be costly when the hackers post objectionable content on a company’s official timeline, so any devices used to access social media accounts must be protected from such information-stealing apps.
Business owners should be particularly wary of business or ad management apps, especially those that claim to provide hidden or unauthorized features not found in official technology platform apps. 15.4% of the total number of malicious apps were such business apps, making them the second-largest category after image editors at 42.6%.
Malicious apps in “legitimate app stores”
In a statement on the About FB website, where you can also read a list of the 400+ malicious apps, Meta said, “This is an extremely controversial space and while our industry peers work to detect and remove malicious software, some of these apps escape detection and make it to legitimate app stores. We reported these malicious apps to our colleagues at Apple and Google, and they were removed from both app stores prior to publishing this report. We also warn people who may have unknowingly compromised their own accounts by downloading these apps and sharing their credentials, and help them secure their accounts.”
They also explained how the malicious apps work, saying, “Malicious developers create malware apps disguised as apps with funny or useful features – like cartoon image editors or music players – and publish them on mobile app stores. To cover up negative reviews from people who discovered the apps’ broken or malicious nature, developers can publish fake reviews to trick others into downloading the malware.
“If a person installs the malicious app, they may be prompted to sign in with Facebook before being able to use the promised features. When they enter their credentials, the malware steals their username and password. If credentials are stolen, attackers could potentially gain full access to a person’s account and do things like send messages to their friends or access private information.”
This is how you stay safe
There are many legitimate apps that also ask you to log in to Facebook, so there are a few things you need to check before using them. First, check the number of downloads and reviews in the App Store and read the negative comments in the reviews. It’s also a warning sign if the app has no functionality or is unusable without a Facebook login.
If you suspect you’ve used a malicious app, reset your passwords and turn on login notifications.