If you frequently use your Facebook login to sign into new mobile apps you’ve installed, you may want to pay attention to Meta’s latest announcement.
On Friday, Facebook’s parent company Meta published a blog post written by its Director of Threat Disruption David Agranovich, and Ryan Victory, a Malware Discovery and Detection engineer at Meta. The post detailed Meta’s discovery of over 400 mobile apps “that target people across the internet to steal their Facebook login information.” Essentially, Meta found hundreds of mobile apps that were “designed to steal” the login information of Facebook users by having those users log in to these apps with their Facebook login information.
The post also noted that Meta notified Apple and Google about its discovery of these malicious apps because these apps were offered on Apple’s App Store and Google’s Google Play Store. The apps were removed from those stores before Meta’s blog post was published. Additionally, Meta is notifying Facebook users who have possibly downloaded these apps.
Four hundred-plus apps is an overwhelming number of apps to worry about, but Meta’s report provided some insight into the kinds of apps they were and included what appeared to be a long list of the names of the apps in question (located at the end of the report).
According to the report, the majority of these malware apps were photo editors, but there were also apps that fit categories like Games, VPN (as in Virtual Private Networks), Lifestyle, Business Utility, and Phone Utility. More specifically, some examples of the types of apps that were affected include photo editors, horoscopes, fitness trackers, VPN, business apps, ad management apps, and flashlight apps.
Meta’s post offered some guidance for users who may have downloaded one of these apps:
- Delete the malicious app and change your password for the accounts you used to log in to that app.
- Use two-factor authentication and enable log-in alerts so that you’ll know if other people are attempting to log in to your account.