Over 400 Malicious Android & iOS Apps Stealing Facebook Passwords

In a recent press release from Meta Platforms, it was announced that over 400 malicious apps had been identified on both Android and iOS platforms. 

The goal of these apps was to steal login information for Facebook accounts from online users to leverage their fraudulent use of these apps. The most shocking thing is that the credentials of at least 1 million Facebook users may have been stolen by these malicious applications.

These malicious apps were listed and disguised as the following on both Apple’s App Store and Google Play Store:-

  • Photo editors
  • Games
  • VPN services
  • Business apps
  • Phone Utilities
  • Lifestyle

Malicious Apps


According to the report, among those malicious applications, there are 355 Android applications, and 47 iOS applications. It is necessary to set up an account with the Login with Facebook feature after the application has been launched, which prompts the user to create a profile.

It is possible for malware embedded in the application to steal the login credentials of a victim as soon as they enter their credentials.

In the event that a user uses the same credentials on another service, the attacker will be able to gain access to the user’s account and other accounts as well.

Both the Apple App Store and the Google Play Store have removed the apps in question from their respective stores. 

When downloading applications such as these, you should always exercise caution. Make sure you verify the access permissions before granting Facebook access to the promised functionality of the app.

Checking app permissions and reviews, as well as confirming the app developers’ legitimacy, is part of this process. Moreover, if you want the full list of 403 malicious apps then you can access them here.

Affected Individuals: What to Do?

Follow these mitigations if you believe that you have downloaded or logged in using one of these malicious applications:-

  • In the first place, you should delete the app from your device as soon as possible.
  • Create a new strong password and reset your old one.
  • If you use the same password for more than one website, be sure not to reuse it.
  • The most effective way to ensure the safety of your account is to enable two-factor authentication, preferably through an app called Authenticator. 
  • Set up a log-in alert so that when someone attempts to log into your account, you will be notified so that you can take action in time. 
  • To ensure you are aware of which devices have access to your account, be sure to review your previous sessions.

Also Read: Download Secure Web Filtering – Free E-book

Posted by Charlie