Meta says it’s identified 400 malicious Android and iOS apps that try to steal Facebook login credentials.
Meta Identifies 400+ Mobile Apps Designed to Steal Facebook Login Info
The malicious apps include photo editors and VPNs claiming to boost browsing speed or grant access to blocked content or websites. There are also mobile games, health and lifestyle apps, business or ad management apps, plus phone utilities such as flashlight-enhancing apps.
Apps Pose Threat to Businesses
Meta says it is helping potentially impacted individuals learn more about how to stay safe and secure their accounts, and businesses will need to do the same. Hacks can be costly if the hackers post offensive content on a company’s official timeline, so any devices used to access social media accounts will need to be kept safe from such info-stealing apps.
Business owners should be especially aware of the business or ad management apps, particularly those claiming to provide hidden or unauthorized features not found in official apps by tech platforms. Of the total number of malicious apps, 15.4% were such business apps, which is the second-highest category after photo editors at 42.6%.
Malicious Apps in ‘Legitimate App Stores’
In a statement on the About FB website, where you can also read a list of the 400-plus malicious apps, Meta said: “This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores. We’ve reported these malicious apps to our peers at Apple and Google, and they have been taken down from both app stores prior to this report’s publication. We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials, and are helping them to secure their accounts.”
They also explained how the malicious apps work, saying: “Malicious developers create malware apps disguised as apps with fun or useful functionality – like cartoon image editors or music players – and publish them on mobile app stores. To cover up negative reviews by people who have spotted the defunct or malicious nature of the apps, developers may publish fake reviews to trick others into downloading the malware.
“When a person installs the malicious app, it may ask them to ‘Login With Facebook’ before they are able to use its promised features. If they enter their credentials, the malware steals their username and password. If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information.”
How to Stay Safe
There are plenty of legitimate apps that also ask you to log in with Facebook, so you need to check a few things before using them. First, check the download count and ratings in the app store, and read any negative comments in the reviews. It is also a red flag if the app has no functionality or is unusable without a Facebook login.
If you suspect you have used a malicious app, then reset your passwords and activate login notifications.
Source: Small Business Trends