Again and again, hackers manage to place their malicious programs in Apple’s App Store and Google’s Play Store. A number of apps capable of stealing Facebook passwords have now been uncovered.
Facebook’s parent company Meta warns around a million users that malicious apps could have stolen their passwords. The company’s security researchers have found more than 400 apps in the Apple App Store and Google Play Store that are designed to read Facebook login data. These include games, photo editors, health apps, VPN services, and flashlight apps.
Apps use manipulated login button to get Facebook password
In many cases, the apps do not deliver what their descriptions promise. Instead, they use a fake “Login with Facebook” button to get users’ login names and passwords.
According to Meta, the apps “made it to legitimate app stores” despite precautionary measures. The company has already reported the apps to Apple and Google, who have since removed them from their respective app stores. Meta gives affected users a number of tips on how to secure their accounts now and protect them from attacks in the future.
What affected users can do now
If you already have any of the malicious apps installed on your smartphone, you should delete them immediately. Meta recommends the following steps to secure the account:
- Reset the old password and set up a new one, strong and unique.
- Set up two-factor authentication, preferably with an authenticator app from Microsoft or Google.
- Turn on login notifications in settings to see when someone tries to log in with your credentials.
Here is the list of the affected Android and iOS apps.
Here’s how you can detect malicious apps
Many apps use the Facebook login feature to sync data across multiple devices. Logging in with Facebook is also often offered as an alternative to Google, Apple and other login services. Hackers take advantage of how widespread this login option is to make their malicious apps appear legitimate. However, there are a number of clues you can use to tell if an app is legitimate.
- Can only be used with a Facebook login. Many of the apps don’t even work until users enter their login credentials. With a music player or a photo editor, this should at least make you suspicious.
- Does the app keep what it promises? The apps are often presented as 3D games or useful services. In reality, however, after registering, it turns out that the promised features are not available or only available to a limited extent.
- Ratings and reviews. Malicious apps often have tons of purchased 5-star reviews. Users should not be blinded by this. It is best to check the negative reviews. When other users complain that the app doesn’t deliver what it promises, that’s often an indication that something is fishy.
Source: Meta press release (accessed October 10, 2022)