Attention, online users: According to Meta, more than 400 apps are equipped with fake features. Their goal: to steal login data for Facebook and Instagram.
Berlin – Not every app should necessarily be comfortable for its user. This is made clear by the US technology company Meta, which has so far found more than 400 malicious apps in Google’s and Apple’s respective app stores in 2022. Its purpose: to steal sensitive user data that is used to log in Facebook, where sometimes there is a risk of losing accessand empower Instagram.
Meta warns of more than 400 apps equipped with fake features: Third parties want to steal login data for Facebook and Instagram
According to Meta, the apps equipped with fake features are of very different types, including games, VPN services and photo editing tools. Your users could only use the functions of the respective app if they had previously logged in with their account data for the meta platforms.
In the meantime, however, the apps have been removed from the stores. On his own blog, Meta explains how these malware apps work, what those affected can do and which apps are actually affected by the problem. After the discovery of more than 400 malicious apps, Google and Apple were informed immediately.
Malware-laden apps allow third parties access to Facebook and Instagram accounts
According to Meta, photo editor apps were particularly affected by the fake features. There is talk of 42.6 percent of malicious apps that could be assigned to this category. Basically, apps that appear to have useful functions at first glance are ultimately only intended to encourage users to log in with their account data.
If a person installs the malicious app, they may be prompted to sign in with Facebook before being able to use the promised features. Then, when the credentials are entered, the malware steals the username and password.
And if people who planted the malware in the apps were able to get hold of the account information, there was a chance they could gain full access to Facebook or Instagram accounts.
Facebook and Instagram data at risk: How to spot malicious apps
A distinction must be made between legitimate apps that require a login per se and those apps that should actually not require a Facebook login before any functions can be used. The difference according to the meta-experts: The malicious apps already request the account data to use the app, not just for individual areas.
What does malware actually mean and what can it do?
Computer programs are generally referred to as malware, malware or malicious software, which are intended to perform undesirable and sometimes harmful functions from the point of view of those affected. Malware, i.e. “malicious software”, is often used as a generic term for viruses, worms, spyware and other malicious software.
Furthermore, these malicious apps often do not deliver the features promised in the description. In addition, negative ratings and low download numbers would indicate that these are malicious apps. However, the app operators would sometimes resort to fake reviews to give their apps designed for data theft the appearance of the best possible reputation.
Malicious apps are already installed on the cell phone: According to Meta, this is how to proceed
Anyone who discovers such malicious apps is encouraged to report them directly to Google, Apple or even the Meta team. According to the news company Bloomberg, just over a million users have been stolen from the apps identified as malicious. If third parties have logged into Facebook or Instagram with their personal account data, or if there has at least been an attempt that failed due to two-factor authentication, the following can be done:
- delete the affected app immediately
- enable two-factor authentication (if not already done)
- Set login alerts to find out when there are third-party login attempts
In addition, Meta advises to always report data abuse directly. On his Blog also lists metawhich of the now removed apps are affected by the fake features. The display is divided into iOS and Android apps.