On Friday, the parent company of Facebook, Meta, announced that it has discovered more than 400 malicious apps designed to steal users’ Facebook login information during the course of this year.
According to a news statement issued by Meta, the apps seemed to be legitimate entertainment or utility applications, such as photo editors, virtual private networks (VPNs), or fitness trackers. The programs were distributed through the Google Play Store and the Apple App Store.
After downloading the apps, users were often required to enter into their Facebook account, which gave the malware the opportunity to collect their login credentials.
According to Meta, the individuals who were responsible for developing the malware apps also published bogus positive ratings in the app stores in an effort to cover up any unfavorable reviews that may have appeared.
Since then, all of the discovered malware apps have been withdrawn from the Google Play Store and the Apple App Store. Meta has stated that it is notifying people whose information may have been unwittingly compromised due to the removal of these apps.
Users were cautioned by the company not to trust applications that demanded their social network credentials and were advised to investigate an application’s number of downloads, ratings, and both good and negative reviews before installing it. In addition to this, they suggested checking to see if the software really does offer all of the features that it advertises having.
Meta has urged that users change their passwords, use two-factor authentication, and turn on login notifications if they are concerned that they may have downloaded an app that contains malware.