In case you missed it, Meta recently published a spine-tingling report regarding 400 malicious apps plaguing Android and iOS devices. Masquerading as innocuous software, these vicious apps are designed to steal users’ Facebook login information and hijack their accounts.
Unfortunately, some of these apps evaded detection and slipped into the Google Play Store and Apple App Store, acting as legitimate apps. On the plus side, Meta disclosed its findings to Apple and Google, and consequently, the tech giants removed the malicious apps from their respective app stores. However, that doesn’t automatically remove the apps from your phone, so if you have any of these 400 apps lurking on your phone, you must delete them ASAP!
How these 400 malicious apps tricked users
On the surface, these 400 deceitful apps appear harmless (e.g. music players, image editing, and VPNs). Beneath that facade, however, lurks malicious code that seeks to steal users’ credentials.
The sneaky apps display a “Login with Facebook” button, prompting users to enter their passwords. The credentials typed into that prompt go to the attackers, who gain full access to victims’ accounts. Cybercriminals can then message their friends, post on their behalf and peer into their private, sensitive data.
Meta offered screenshots of these devious apps, including Dress Up Charming, Teana Music Player, and Mulu Music Player.
What’s worse is that many developers publish fake reviews of the apps to cover up the slew of negative ones that warn prospective downloaders.
If we listed every single malicious Android and iOS app that Meta discovered in its report, our fingers would fall off. Instead, you can find a full list of the apps here.
Interestingly, most of the malicious Android apps claimed to be photo and video editors; we spotted a slew of VPNs, too. Conversely, most of the nasty iOS apps pretended to be FB analytics tools.
Meta recommends that users enable two-factor authentication, preferably using an authenticator app (e.g. Google Authenticator), to add an extra layer of security in case your account gets compromised. You should also turn on log-in alerts. This way, you’ll be notified about any strange, unfamiliar account logins.