These apps can steal your Facebook password, warns Meta
Remember downloading an app that didn't work at all? Well, it is possible that the app's sole purpose was to steal your Facebook password. Facebook-parent Meta has started notifying around one million users about malicious apps. The company has identified around 400 apps that steal users' login information. The apps have now been removed from app stores after Meta notified both Apple and Google.
Why does this story matter?
For Facebook, the tag of being the largest social media platform in the world comes attached with some issues. One of them is unscrupulous elements trying to steal the username and passwords of its users. The finding that fake apps have been stealing passwords is an unsettling one. A better screening process is required by app stores to weed them out.
Most of the malicious apps are photo editors
Meta has identified password-stealing apps that disguise themselves as photo editors, mobile games, and VPN services, among others. Out of the 400, 42.6% are photo editors, 15.6% are business apps, 14.1% are phone utility apps, 11.7% are games, 11.7% are VPN tools, and 4.4% are lifestyle apps. The apps were found in both the App Store and Google Play.
How do the fake apps work?
According to Meta, password-stealers mimic legitimate apps by offering some of the same functionalities. To drown negative reviews about them, developers publish positive reviews to trick those looking to download the apps. Once you download the app, it will ask you to 'Login with Facebook.' After you enter the credentials, the app will steal your username and password.
Delete apps that only work with Facebook credentials
Meta has asked users to be wary of apps that don't provide any other way to login but with Facebook credentials. If that's the case, there is a high probability that the app will steal your username and password.
How to protect yourself from password-stealers?
Before you download any app, check for its download count, ratings, and reviews. While you check reviews, don't forget the negative ones. Check whether the app does what it claims to do. If not, delete it. If you believe that you have downloaded a malicious app, change your password immediately. Also, enable two-factor authentication.
