Beware of the App which may steal your Facebook and Instagram Log-in Info
Getting in sync with the worries of social media users, Social Media giant Meta has reported that it has detected around 400 apps which steals the users login information to developers in major privacy breach. These apps are major attraction for naïve social media users who fall in trap on the promise of fake features
Let’s see what Meta has warned to it’s users
- We identified more than 400 malicious Android and iOS apps this year that target people across the internet to steal their Facebook login information.
- We reported our findings to Apple and Google and are helping potentially impacted people to learn more about how to stay safe and secure their accounts.
- We’ve included more information about these apps at the bottom of our post to enable further security research by our industry so we can improve our collective defense.
As per statement of Meta these mobile apps are present on official Apple and Google app stores and is designed to compromise people’s Facebook Accounts. Meta has shared these findings with several peers groups and policy makers and intends to work together against such threats collectively. Meta has also warned social media users to be xtra cautious while using such malicious apps which demands social media login information from the users.
According to the finders of security researchers these malicious android and iOS apps are listed on Google Play Store and Apple’s App Store and often disguised as popular category like photo editors, games, VPN services, business apps and other utilities to trick people into downloading them.
Major Categories of Malicious Apps
Working Methodology of these Apps
Malicious developers create malware apps disguised as apps with fun or useful functionality — like cartoon image editors or music players — and publish them on mobile app stores.
To cover up negative reviews by people who have spotted the defunct or malicious nature of the apps, developers may publish fake reviews to trick others into downloading the malware.
When a person installs the malicious app, it may ask them to “Login With Facebook” before they are able to use its promised features. If they enter their credentials, the malware steals their username and password.
If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information.
How You Can Stay Safe
There are many legitimate apps that offer the features listed above or that may ask you to sign in with Facebook in a safe and secure way. Cybercriminals know how popular these types of apps are and use these themes to trick people and steal their accounts and information.
Malware apps often have telltale signs that differentiate them from legitimate apps. Here are a few things to consider before logging into a mobile app with your Facebook account:
- Requiring social media credentials to use the app: Is the app unusable if you don’t provide your Facebook information? For example, be suspicious of a photo-editing app that needs your Facebook login and password before allowing you to use it.
- The app’s reputation: Is the app reputable? Look at its download count, ratings and reviews, including negative ones.
- Promised features: Does the app provide the functionality it says it will, either before or after logging in?
Meta has also reported that they encourage people to report malicious applications that compromise Meta accounts to us through our Data Abuse Bounty program.