Meta finds over 400 bad apps that want to steal your Facebook login information.
People’s social media accounts are being compromised by making trojan apps and putting them in app stores where people unknowingly download them. This is what Facebook’s parent company, Meta, says.
The tech giant said that its researchers had found more than 400 “bad” Android and iOS apps in the official app stores for Apple and Google.
The fake apps were advertised as many different kinds of apps, like games, photo editors, and utilities like a mobile flashlight.
After being downloaded, they asked people to enter their Facebook login information so they could use the app.
If these credentials are entered, they are stolen, which could give fraudsters access to the user’s full account and all the private information that goes with it.
“We told our peers at Apple and Google about these dangerous apps, and they were removed from both app stores before this report came out,” Meta said in a statement on its website.
In a blog post on Friday, October 7, Meta said that its security researchers had “found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts.”
The trojan apps looked like useful or well-known tools. About 42.6% of them were video editors; 15.4% were business utilities; 14.1% were phone utilities; and the rest were games, virtual private networks (VPNs), or lifestyle apps.
Apple and Google both have ways to find and get rid of malicious apps from their stores, but Meta said that “some of these apps avoid detection.”
These usually have fake reviews written for them by the people who made them. This was done to trick users into thinking they were real and to hide reviews that warned others that they were not what they seemed to be.
Meta said that the goal of the people who make these apps is to get people to download them and then enter their Facebook username and password. The apps may look like they do what they say they do, but that’s just a trick to get people to do that.
“If the login information is stolen, attackers could get full access to a person’s account and do things like message their friends or look at private information,” the company said.
How to tell if an app is bad
Meta gave a list of warning signs to look out for when downloading an app so that you don’t give sensitive information to scammers.
The company said that many popular apps do let users sign in with their Facebook credentials, which is what the bad guys behind the malicious apps are after.
But Meta told people to keep in mind the following:
If you can’t use the app without giving Facebook info, if there aren’t many downloads, ratings, or reviews of the app, and if some of those reviews aren’t good, the app might not be good.
If the app does what it says it will do, either before or after logging in, the company said it has reached out to users whose login information might have been stolen and told them how to keep their accounts safe.