Facebook says malicious apps steal login credentials. Here’s what you need to do now
Apps offering photo filters, horoscopes or fitness tips may seem innocuous, but hundreds of them steal people’s Facebook IDs.
Parent company Meta said about 1 million Facebook users may have had their Facebook credentials stolen by more than 400 malicious Android and iOS mobile apps they downloaded this year.
The apps were listed in the Google Play Store and Apple’s App Store and disguised themselves as photo editors, games, VPN services, business apps, and other utilities.
“We reported these malicious apps to our peers at Apple and Google and they were removed from both app stores prior to the publication of this report. We are also alerting people who may have unknowingly compromised their account by downloading those apps and sharing their credentials, and we help them secure their accounts,” according to David Agranovich, Director of Threat Disruption, and Ryan Victory, Malware Discovery and Detection Engineer.
Keeping malicious apps off your phone is a constant struggle. Despite Apple and Google’s efforts to keep these apps out of their mobile app stores, villains with designs on your personal information still escape detection. Of the 400 apps discovered by Meta, most were Android apps.
Users should be careful when downloading new apps that request social media logins, Meta officials said. Apps often post fake reviews to drown out negative reviews and trick people into downloading them.
Once the app is installed, users are prompted to log in with Facebook, which allows the app to steal the password and username.
“If login credentials are stolen, attackers could potentially gain full access to someone’s account and do things like message their friends or access private information,” Meta said.
But many legitimate apps require users to log in with their Facebook accounts. How can users tell the difference?
Before downloading, check the reputation of the app. Does the application offer the services it claims? Is the app unusable unless you provide your Facebook ID?
If you’ve been affected, Meta says you should remove the app from your device. Next, reset your password, turn on two-factor authentication, and turn on login alerts so you know if someone tries to access your Facebook account. Review your previous sessions to make sure you recognize which devices have access to your account.
This article originally appeared on USA TODAY: Facebook: Malicious apps stole login credentials. What you should do