Yahoo Finance Hundreds of apps are stealing people’s Facebook accounts, Meta warns
Hundreds of apps are secretly stealing people’s Facebook logins, parent company Meta has warned.
The apps hide inside the iPhone and Android app stores, appearing to offer useful services. They might show as photo editors that offer fun filters, for instance, or useful tools such as flashlights.
But more than 400 such apps have been found actually stealing Facebook login details and then getting into people’s accounts, the company said in an update.
It warned users to be careful when downloading new apps, if they ask for social media credentials when signing up.
Most of the apps were photo editors, it said, with almost 43 per cent coming in that category. But that apps can take a number of forms, with developers seemingly targeting categories that are likely to encourage people to download them.
Developers also use a number of other tricks to hide the scam. That can include publishing fake positive reviews so that critical reviews from those who have spotted the malicious nature of the app will be drowned out.
When the app is finally installed, users are prompted to login with Facebook, so that they can get access to those features. But the login is actually intended to steal the password and username.
With that, attackers can break into Facebook accounts, stealing other data or messaging friends in an attempt to get even more people involved.
There are few very obvious ways to distinguish those malicious apps from legitimate ones. Many real apps might offer such services – and require users to log in with their Facebook accounts.
But Meta advised that people take three steps before downloading and logging into such an app. First anyone should be suspicious of apps that require a social login to use features, should check their reputation, and check whether the app really seems to be offering the services it promised.
If anyone is affected, Meta advised resetting passwords, switching on two-factor authentication and switching on login alerts so that you will be warned if anyone tries to get into you Facebook account.
