Meta recommends that users delete the app, change their Facebook password and turn on 2-factor authentication if they believe they have downloaded one of these apps.
Meta said earlier this year that it has detected 400 apps that pretend to offer real features and tools but are, in reality, designed to lure people into logging in with their Facebook credentials, which then gives the apps' developers access to their data and information.
According to Meta:
“Our security researchers have found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts. These apps were listed on the Google Play Store and Apple’s App Store and were disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them.”
The apps appear dubious, but the promise of a new feature or capability could dupe individuals into opening them and logging in with their Facebook information.
“Before being able to use the app’s promised features, a person might be prompted to ‘Login With Facebook’ after installing the malicious app. Their credentials would then be stolen. If the login details are obtained, attackers may be able to log into a person’s account and send messages to their friends or read their personal data.”
Meta says that the majority of these apps are photo editors, as the increased demand for photo editing updates is driving more demand for visual tools.
The chart above shows how frequently apps are being used in different categories, and shows that users must remain vigilant when approving apps and providing their Facebook login details.
Meta says that it reported all of the apps to both Apple and Google, in an effort to get them removed completely from their respective stores (Google has since removed them all, according to Meta), as well as alerting app users, where possible, to help improve security and/or regain access to their profiles.
Here are some additional tips to help users avoid having their information hijacked by scam apps:
When using a mobile app, make sure to check for the following signs of a malicious app:
You can see how users might be duped by the functionalities promised and the way these apps are presented. In other words, this is a serious problem — 400 apps this year alone, and those are just the ones identified by Meta’s team.
It is important to keep in mind that hackers are seeking to steal your information using your Facebook log-in, whether or not you are using it correctly.
Meta is looking to work with Apple and Google to get links to malware removed, and it recommends that users who used those apps reset their Facebook password and use 2-factor authentication.