Meta warns 1M Facebook users about Android, iOS apps used to steal login information

Malicious apps were disguised as photo editors, games, VPNs, business apps and other utilities

Meta Platforms is warning 1 million Facebook users who may have unknowingly self-compromised their accounts by downloading and sharing their login credentials with a malicious app.

Security researchers at the tech giant found more than 400 Android and iOS apps this year that were designed to steal Facebook login information and compromise users' accounts. The apps were listed on Google's Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them.

"This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores," David Agranovich, Meta's threat disruption director and Ryan Victory, a Meta malware discovery and detection engineer, said in a blog post on Friday. "We’ve reported these malicious apps to our peers at Apple and Google and they have been taken down from both app stores prior to this report’s publication." 

FACEBOOK PARENT META TO SHRINK SOME OFFICES AS IT ADAPTS TO HYBRID WORK

According to Meta, the malicious apps may ask users to log in with Facebook before they are able to use its promised features. Once a user does so, malware will steal their username and password. Once login information is stolen, attackers could potentially gain full access to an account, including their private information and list of friends.

In order to cover up negative reviews by people who may have spotted the malicious nature of the apps, developers may publish fake reviews to trick users into downloading the malware. 

Meta recommends that users who believe they may have downloaded one of the apps and logged in with their social media or other online credentials to reset and create new strong passwords, enable two-factor authentication, turn on log-in alerts and report the app to Meta through its Data Abuse Bounty program.  

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Representatives for Apple and Google confirmed to FOX Business that the malicious iOS and Android apps have been removed from the Google Play Store and App Store. According to Apple, the App Store only hosted 45 of the malicious iOS apps disclosed by Meta. 

"The App Store was designed to be a safe and trusted place for users to download apps, and we have zero tolerance for fraud or apps designed with malicious intent," the spokesperson added.

Ticker Security Last Change Change %
META META PLATFORMS INC. 591.70 +19.65 +3.44%
GOOGL ALPHABET INC. 180.75 +4.24 +2.40%
AAPL APPLE INC. 227.48 +4.76 +2.14%

A Google spokesperson told FOX Business that, in addition to the removal of the apps, its users are also protected by Google Play Protect, which blocks the apps on Android. 

To check out the full list of affected Android and iOS apps, click here

Load more..