400 vicious Android, iOS apps are hijacking Facebook accounts — delete them before you're next

Malware
(Image credit: Getty Images/SideLarbi Hadj Amar)

In case you missed it, Meta recently published a spine-tingling report regarding 400 malicious apps plaguing Android and iOS devices. Masquerading as innocuous software, these vicious apps are designed to steal users' Facebook login information and hijack their accounts.

Unfortunately, some of these apps evaded detection and slipped into the Google Play Store and Apple App Store, acting as legitimate apps. On the plus side, Meta disclosed its findings to Apple and Google, and consequently, the tech giants removed the malicious apps from their respective app stores. However, that doesn't automatically remove the apps from your phone, so if you have any of these 400 apps lurking on your phone, you must delete them ASAP!

How these 400 malicious apps tricked users

On the surface, these 400 deceitful apps appear harmless (e.g. music players, image editing, and VPNs). Beneath that facade, however, lurks malicious code that seeks to steal users' credentials.

The sneaky apps input a "Login with Facebook" button, prompting users to enter their passwords. Consequently, attackers gain full access to victims' accounts. Cybercriminals can then message their friends, post on their behalf and peer into their private, sensitive data.

Meta offered screenshots of these devious apps, including Dress Up Charming, Teana Music Player, and Mulu Music Player.

Malicious apps

Malicious apps Mulu Music Player and Dress Up Charming (Image credit: Meta)

What's worse is that many developers publish fake reviews of the apps to cover up the slew of negative ones that warn prospective downloaders.

If we listed every single malicious Android and iOS app that Meta discovered in its report, our fingers would fall off. Instead, you can find a full list of the apps here (opens in new tab)

Interestingly, most of the malicious Android apps claimed to be photo and video editors; we spotted a slew of VPNs, too. Conversely, most of the nasty iOS apps pretended to be FB analytics tools.

Meta recommends that users enable two-factor authentication, preferably using an authenticator app (e.g. Google Authenticator), to add an extra layer of security in case your account gets compromised. You should also turn on log-in alerts. This way, you'll be notified about any strange, unfamiliar account logins.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!