Meta Platforms revealed on Friday that it had identified more than 400 malicious apps on Android and iOS that it said targeted online users in an attempt to steal their Facebook login credentials.
“These apps have been listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them,” the software giant said. social media in a report shared with The Pirate News.
42.6% of malicious apps were photo editors, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7% ) and lifestyle apps (4.4%). Interestingly, the majority of iOS apps advertise themselves as ad management tools for Meta and its Facebook subsidiary.
Apart from disguising its malicious nature as a set of seemingly harmless apps, the operators of the program have also released fake reviews designed to compensate for negative reviews left by users who may have already downloaded the apps.
The apps eventually functioned as a means of stealing user-entered credentials by displaying a “Login with Facebook” prompt.
“If login credentials are stolen, attackers could potentially gain full access to someone’s account and do things like message their friends or access private information,” the company said.
All apps in question have been removed from both app stores. The list of 402 apps (355 Android apps and 47 iOS apps) is available here.
As always with apps like these, it’s essential to exercise caution before downloading apps and granting Facebook access to access the promised functionality. This includes reviewing app permissions and reviews, as well as verifying the authenticity of app developers.
The disclosure also comes as Meta-owned WhatsApp filed a lawsuit against three companies based in China and Taiwan for allegedly misleading more than a million users into compromising their own accounts by distributing false versions of the messaging app.