More than 400 Malicious Android and iOS Apps Stealing Login Credentials: Report

Meta researchers discovered more than 400 rogue apps across the Apple and Google app marketplaces, and both companies were made aware of the problem. The apps asked users to log in with their Facebook accounts to use the app or to access its extra features. The credentials were captured as they were entered and then exploited to gain unauthorised access to the victim’s data.

Facebook’s developer documentation gives developers the design, implementation, and user experience guidelines for adding Facebook login capability to a new app. Legitimate apps like Pinterest and Instagram use the login feature, which is well known and widely used. The illegitimate apps named in Meta’s report relied on users recognising this feature as one of many ways to lure them into a false sense of security and legitimacy when logging in.

In its statement, Meta outlined how malicious developers abused the widely used login feature. Fraudulent reviews would be written and published to increase the apps’ initial legitimacy or to suppress unfavourable criticism. The applications were then downloaded by unsuspecting users, who entered their Facebook login information to access the app’s content or link it to their Facebook account. Once the malicious code in the app has obtained the user’s login information, all of the user’s account information, images, and other data are accessible to unauthorised third parties.

The fact that the apps delivered on their promises made them more credible as legitimate applications. Photo filter apps made up more than 40% of all uncovered malicious apps, according to Meta’s findings. A variety of phone, business, gaming, VPN, and lifestyle categories made up the remaining 60%.

The announcement provides readers with several questions and telltale signs that can help identify fraudulent applications. It also provides a GitHub link where developers and security engineers can review potential threat indicators. Any affected users are advised to reset their passwords, enable two-factor authentication, and turn on logging to monitor unwanted login attempts.

