Meta detects over 400 malicious apps designed to steal Facebook login credentials

Meta announced Friday that it has detected more than 400 malicious Android and iOS apps this year targeting internet users to steal login information and compromise people’s accounts.

“These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them,” Meta said. The company stated that it has informed both Apple and Google about the issue to facilitate the removal of these apps.

malicious app categories facebook

“Cybercriminals know how popular these types of apps are, and they’ll use similar themes to trick people and steal their accounts and information,” said David Agranovich, director of global threat disruption at Meta. “If an app is promising something too good to be true, like unreleased features for another platform or social media site, chances are that it has ulterior motives.”

Apple said that 45 out of 400 problematic apps are in the App Store and have been removed, while a spokesperson said that Google has removed all the malicious apps in question.

“If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information,” Meta warned.

Meta will inform nearly 1 million users that they may have been exposed to one of the fraudulent apps. The company says this does not mean that all these users’ Facebook accounts have been hacked. But Meta researchers say they’re cautious and have a wide net to know exactly what’s happening with each user, as they have limited visibility beyond their own platform.

Written by Maya Robertson


Leave a Reply

Your email address will not be published. Required fields are marked *


Telegram CEO Pavel Durov: ‘Stay away from WhatsApp’

Epic, Match seek to expand Google lawsuits with additional allegations