Meta identifies over 400 malicious apps targeting FB users’ data

Meta, the parent company of social media platforms Facebook, WhatsApp, and Instagram, has identified more than 400 malicious android and iOS apps that are designed to steal Facebook’s login information, the company says in a blogpost. The company has shared the findings of its report with Apple and Google. 

“Our security researchers have found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts. These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them,” the company says. 

Amongst the apps that have been categorised as malicious, 42.6% are photo editing apps, 15.4% are business utility apps, 14.1% are phone utility apps, 11.7% are gaming apps, 11.7% are VPN services apps, and 4.4% are lifestyle apps. 

Meta explains that the malware apps are disguised as useful apps in the play store. “Malicious developers create malware apps disguised as apps with fun or useful functionality — like cartoon image editors or music players — and publish them on mobile app stores. Malware apps often have telltale signs that differentiate them from legitimate apps,” Meta says. 

“To cover up negative reviews by people who have spotted the defunct or malicious nature of the apps, developers may publish fake reviews to trick others into downloading the malware,” it adds. 

When a person installs the malicious app, it may ask them to “Login With Facebook” before they are able to use its promised features. If they enter their credentials, the malware steals their username and password. 

Apple says that 45 of the 400 problematic apps have been removed from its app store, while Google has also removed all malicious apps.  

According to the 2022 data breach report by IBM, the data breach average cost surged 2.6% from $4.24 million in 2021 to $4.35 million in 2022. The average cost has climbed to 12.7% from ₹3.86 million in the 2020 report. Meanwhile, stolen or compromised credentials were responsible for 19% of data breach this year, whereas phishing attacks were responsible for 16% of data breach.  

Meta says to immediately delete the app from the device and reset and create a new strong password, in case someone has downloaded the malicious apps, and have logged in using their Facebook credentials.

“Enable two-factor authentication, preferably using an Authenticator app, to add an extra security layer to your account. Turn on log-in alerts so you’ll be notified if someone is trying to access your account. Be sure to review your previous sessions to ensure you recognize which devices have access to your account,” it adds.