Security alerts warn about Facebook passwords being exposed through deceptive apps
Recent findings show that about one million accounts may be at risk due to Android and iOS apps that are compromised to harvest login details. Meta reported these issues and stated that the affected apps were identified and handled to simplify removal for users on both platforms.
The organization explained that dozens of malicious apps masquerade as photo editors, mobile games, or health trackers. By sharing the discovery with Apple and Google, Meta aimed to guide users toward safer device practices and better protect their accounts.
If these apps are on a device, uninstalling them is advised
In response to the threat, Apple confirmed that a portion of the problematic apps have been removed from the App Store, while Google has taken steps to remove the remaining malicious titles. A representative for the tech giant emphasized ongoing vigilance against apps designed to steal credentials.
“Cybercriminals target popular apps because they know users are drawn to features that seem too good to miss. When an app promises something like unpublished capabilities for another platform, it is a strong signal of possible ulterior motives”, stated a Meta security leader.
Unknown apps to watch out for on mobile devices
Typical scams occur when a user uploads content edited with a questionable app to a social media account. A fake login prompt then appears, tricking the user into entering a username and password.
Malicious developers publish malware disguised as entertaining or useful tools, such as cartoon image editors or music players, across mobile app stores. Some creators post fake reviews to offset concerns and encourage downloads.
When a prompt asks for a login with Facebook before allowing access to promised features, the entered credentials can be captured by the malware. This breach allows attackers to access messages, friend lists, and other private information.
Malware often shows telltale signs that distinguish it from legitimate apps. Before signing into a mobile app with a Facebook account, consider these checks:
- If the app requires Facebook credentials to use a feature that should not strictly need them, question the request. For example, a photo editor asking for a Facebook username and password upfront is a red flag.
- App reputation matters. Look at downloads, ratings, and reviews, paying attention to negative feedback.
- Assess advertised features. Does the app truly deliver the claimed functionality before or after login?
Users are advised to stay cautious when prompted to log in with Facebook during a session or to use credentials to unlock features. If credentials are entered into a suspicious prompt, the attacker can gain full access to the account and may perform actions such as messaging friends or viewing private information.
Clues can help identify fraudulent apps. A careful review of what the app asks for, how it behaves after login, and the credibility of the developer can prevent exposure to malware.
To reduce risk, it is wise to verify the legitimacy of a new app before connecting it to a Facebook account. Look for legitimate developer names, consistent update patterns, and clear privacy policies.
Overall, defenders advise users to scrutinize unusual requests, verify app origins, and limit the use of Facebook credentials to trusted applications.