Over 400 Malicious Android & iOS Apps Stealing Facebook Passwords

In a recent press release from Meta Platforms, it was announced that over 400 malicious apps had been identified on both Android and iOS platforms. 

The goal of these apps was to steal login information for Facebook accounts from online users to leverage their fraudulent use of these apps. The most shocking thing is that the credentials of at least 1 million Facebook users may have been stolen by these malicious applications.

These malicious apps were listed and disguised as the following on both Apple’s App Store and Google Play Store:-

  • Photo editors
  • Games
  • VPN services
  • Business apps
  • Phone Utilities
  • Lifestyle

Malicious Apps

According to the report, among those malicious applications, there are 355 Android applications, and 47 iOS applications. It is necessary to set up an account with the Login with Facebook feature after the application has been launched, which prompts the user to create a profile.

It is possible for malware embedded in the application to steal the login credentials of a victim as soon as they enter their credentials.

In the event that a user uses the same credentials on another service, the attacker will be able to gain access to the user’s account and other accounts as well.

Both the Apple App Store and the Google Play Store have removed the apps in question from their respective stores. 

When downloading applications such as these, you should always exercise caution. Make sure you verify the access permissions before granting Facebook access to the promised functionality of the app.

Checking app permissions and reviews, as well as confirming the app developers’ legitimacy, is part of this process. Moreover, if you want the full list of 403 malicious apps then you can access them here.

Affected Individuals: What to Do?

Follow these mitigations if you believe that you have downloaded or logged in using one of these malicious applications:-

  • In the first place, you should delete the app from your device as soon as possible.
  • Create a new strong password and reset your old one.
  • If you use the same password for more than one website, be sure not to reuse it.
  • The most effective way to ensure the safety of your account is to enable two-factor authentication, preferably through an app called Authenticator.
  • Set up a log-in alert so that when someone attempts to log into your account, you will be notified so that you can take action in time.
  • To ensure you are aware of which devices have access to your account, be sure to review your previous sessions.

Also Read: Download Secure Web Filtering – Free E-book

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

The Growing Role of AI-Powered SAST in the Developer Toolkit

In today’s app dev world, where new apps and millions of lines of code are…

19 minutes ago

Ex-CIA Analyst Pleaded Guilty For Leaking Top Secret National Defense Information

A former CIA analyst, Asif William Rahman, has pleaded guilty to charges of retaining and…

3 hours ago

Record Breaking 5.6 Tbps DDoS attack Launched by Mirai Botnet

 The Mirai botnet unleashed a record-breaking Distributed Denial of Service (DDoS) attack on October 29,…

5 hours ago

Criminal IP and OnTheHub Partner to Deliver Advanced Cybersecurity Solutions for Education

AI SPERA, a leading Cyber Threat Intelligence (CTI) provider, has collaborated with OnTheHub, a global…

5 hours ago

SQL Injection Vulnerability in Microsoft’s DevBlogs Lets Hackers Injecting Malicious SQL

In a recent discovery, a security researcher uncovered a critical SQL injection vulnerability on Microsoft’s…

6 hours ago

Three New ICS Advisories Released by CISA Detailing Vulnerabilities & Mitigations

The Cybersecurity and Infrastructure Security Agency (CISA) announced three new Industrial Control Systems (ICS) advisories.…

6 hours ago