Facebook is warning all iPhone users of 50 malicious apps downloadable via the Apple app store that have the capability of infiltrating one's iPhone as a means to gain access to their Facebook account.
Meta, formerly known as Facebook, found 50 malicious mobile apps that are available in Apple’s app store. The apps, which have gained access to users’ iPhones, are able to steal Facebook login information and compromise accounts. Meta claims that “more than a million logins” have been compromised, reported Macworld.
Facebook found over 400 of the malicious apps in total, which were available on the Google Play Store. Of those 400 apps, 50 were available for download on the iPhone through the Apple App Store. The apps didn’t look suspicious, seeming like nothing more than common photo editing apps, games, and VPN tools.
The compromised apps included many that were designed to turn regular photos into cartoons, as well as flashlight brightening apps, games that claimed to use high-quality 3D graphics, health and lifestyle apps, and VPNs that promised to give users faster browsing speeds. Most of those apps were for Android phone users and available for download through the Google Play Store. Most of the iOS apps available for download on the iPhone were analytic and business tools, which asked users to login to Facebook in order to use the app’s services, and the overall majority between both iOS and Android malicious apps fell under the photo editor category.
It isn’t uncommon for apps to ask users to login with Facebook before using them because it saves users from having to create a login and password for a new account within the app. Signing up with Facebook requires nothing more than a few clicks and doesn’t take very long. The malicious iPhone and Android apps are then easily able to steal users’ Facebook login and password information.
Facebook said that users should delete those apps if they’ve downloaded them in the past. They also said that they should change their Facebook passwords. iPhone and Android users should enable two-factor authentication and turn on login notifications to reduce the risk of getting hacked and know right away when someone is trying to gain unauthorized access to their Facebook account.
According to Facebook, over one million users may have downloaded the malicious apps. A few of the compromised apps include “FB Advertising Optimization, Business ADS Manager, Ads Analytics,” reported Macworld; the full list of the 50 iPhone apps can be found on their site. Those users whose Facebook accounts may have been compromised could receive an email from the company to make them aware of the situation.
Facebook said that anybody who downloaded any of the mentioned apps “should change their password immediately,” reported Macworld. This isn’t the first time that hackers target apps for iPhone and Android users. Recently, fake apps were created to lure in advertisers, resulting in both Apple and Google deleting numerous apps off of their stores.
The fake apps were designed to resemble other more popular apps, which then tricked advertisers into believing they would get a significant amount of exposure. iPhone users were exposed to 10 apps on the App store, and 75 were on the Google Play Store. While many of those compromised apps were only games, the iPhone apps that were created to steal Facebook information were portrayed as Facebook Ad business apps.