October 10, 2022 – Facebook’s parent company Meta has warned that the login information of as many as one million Facebook users may have been compromised through applications designed specifically to steal passwords.
In a statement released on Friday, Meta said its researchers detected more than 400 malicious Android and iOS apps this year that were designed to steal the login information of Facebook users. The company confirmed notifying about one million users who are likely to have had their login credentials stolen through malicious applications.
According to Meta, the apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPNs, business apps, and health and lifestyle services to trick users into downloading them.
“This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” said David Agranovich, Director Threat Disruption, and Ryan Victory, Malware Discovery and Detection Engineer at Meta.
“We’ve reported these malicious apps to our peers at Apple and Google and they have been taken down from both app stores prior to this report’s publication.”
Meta spokesperson Gabby Curtis confirmed that the company was warning roughly one million users who might have been affected by malicious apps.
The apps were reported to Google and Apple and are no longer available for download, according to Meta.
To determine whether your login credentials have been stolen by any recently downloaded application, examine whether the suspected app operates only with your Facebook credentials. Many apps offer “Sign in with Facebook” as an option, but if it is the only way to use the app, then it is likely to be malware.
Other telltale signs include the app’s failure to deliver on promised features and to function properly after sign-in, and negative ratings and reviews on the app stores.
Meta suggests deleting the app if you believe it is a malicious one, resetting and creating strong passwords, enabling two-factor authentication, and turning on log-in alerts.