In a blog post, Meta says that more than 400 malicious Android and iOS apps that tried to steal people’s Facebook login credentials in 2022 were discovered by the company. Here are them and here’s how to protect yourself from these malicious applications.
According to David Agranovich, Director, Threat Disruption, and Ryan Victory, Malware Discovery and Detection Engineer, Meta shared with Apple and Google the malicious apps that tried to steal people’s Facebook login credentials. These apps were listed on the Google Play Store and Apple’s App Store as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them.
Facebook highlights a few examples of how these apps tried to scam Android and iPhone users:
- Photo editors, including those that claim to allow you to “turn yourself into a cartoon”
- VPNs claiming to boost browsing speed or grant access to blocked content or websites
- Phone utilities such as flashlight apps that claim to brighten your phone’s flashlight
- Mobile games falsely promising high-quality 3D graphics
- Health and lifestyle apps such as horoscopes and fitness trackers
- Business or ad management apps claiming to provide hidden or unauthorized features not found in official apps by tech platforms.
Facebook explains how these app works, which is very similar to what BGR covered about how scammers are winning money with fraudulent apps on the App Store.
They create an app that could be useful – or joyful – to people, buy fake reviews, and, in this case, the app asks to “Login With Facebook” before the user is able to use the promised features. This is when these apps stole people’s Facebook credentials.
If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information.
Facebook explains how to stay safe from malicious apps
Facebook shared three topics to consider before logging into a mobile app with your Facebook account:
- Requiring social media credentials to use the app: Is the app unusable if you don’t provide your Facebook information? For example, be suspicious of a photo-editing app that needs your Facebook login and password before allowing you to use it.
- The app’s reputation: Is the app reputable? Look at its download count, ratings, and reviews, including negative ones.
- Promised features: Does the app provide the functionality it says it will, either before or after logging in?
If you have been affected by these apps, reset and create new strong passwords, enable two-factor authentication, and turn on log-in alerts so you’ll be notified if someone is trying to access your account.
More coverage: Facebook Groups add Reels support and new communication features.
