Meta Reports 400+ Malicious Apps to Apple, Google

They offered little or no functionality and were aimed at stealing Facebook login information

Meta said Friday that it identified more than 400 malicious Android and iOS applications aimed at stealing users’ login information for Facebook, and it reported those findings to Apple and Google so that those apps can be removed from their respective app stores.

People whose accounts were compromised by those apps were also alerted by Meta.

A spokesperson for Apple told Adweek only 45 of the 400-plus apps were on iOS, and they have already been removed from its App Store.

Meta explained that hackers create fake apps that promise features or utilities, and those apps prompt people to log in with Facebook, compromising their accounts. Examples include:

  • Business or ad management apps, claiming to provide hidden or unauthorized features not found in official apps by tech platforms.
  • Health and lifestyle apps, such as horoscopes and fitness trackers.
  • Phone utilities, such as flashlight apps that claim to brighten the flashlight on people’s devices.
  • Photo editors or similar apps that claim to let users turn themselves into cartoons.
  • Virtual private networks that claim to boost browsing speed or grant access to blocked content or websites.

Meta shared the following tips for how people can spot these types of malicious apps:

  • Does the request to log in with Facebook make sense? The company cautioned against apps that request users’ credentials before providing any functionality.
  • What is the app’s reputation? Users should examine reviews in app stores to see if any called the app out as a scam or misleading.
  • What is the app promising? Meta wrote, “If the app promises you something too good to be true, like unreleased features for a platform, chances are that it has ulterior motives.”

The company said any people who were affected by malicious apps should delete those apps from their devices immediately, reset and create new strong passwords, enable two-factor authentication and turn on login alerts to be notified if someone is trying to access their account.

Meta also urged people to report malicious apps to its Data Abuse Bounty program.

The company wrote in a blog post Friday, “Today, we’re sharing an update on our work against malicious mobile apps available in the official Apple and Google app stores that are designed to compromise people’s Facebook accounts. We’ve shared our findings with industry peers, security researchers and policymakers to help us improve our collective defenses against this threat. Most important, because these apps were accessible in third-party app stores, we’re encouraging people to be cautious when downloading a new app that asks for social media credentials and providing practical steps to help people stay safe.”