400 vicious Android, iOS apps are hijacking Facebook accounts — delete them before you're next

Malware
(Image credit: Getty Images/SideLarbi Hadj Amar)

In case you missed it, Meta recently published a spine-tingling report regarding 400 malicious apps plaguing Android and iOS devices. Masquerading as innocuous software, these vicious apps are designed to steal users' Facebook login information and hijack their accounts.

Unfortunately, some of these apps evaded detection and slipped into the Google Play Store and Apple App Store, acting as legitimate apps. On the plus side, Meta disclosed its findings to Apple and Google, and consequently, the tech giants removed the malicious apps from their respective app stores. However, that doesn't automatically remove the apps from your phone, so if you have any of these 400 apps lurking on your phone, you must delete them ASAP!

How these 400 malicious apps tricked users

On the surface, these 400 deceitful apps appear harmless (e.g. music players, image editing, and VPNs). Beneath that facade, however, lurks malicious code that seeks to steal users' credentials.

The sneaky apps input a "Login with Facebook" button, prompting users to enter their passwords. Consequently, attackers gain full access to victims' accounts. Cybercriminals can then message their friends, post on their behalf and peer into their private, sensitive data.

Meta offered screenshots of these devious apps, including Dress Up Charming, Teana Music Player, and Mulu Music Player.

Malicious apps

Malicious apps Mulu Music Player and Dress Up Charming (Image credit: Meta)

What's worse is that many developers publish fake reviews of the apps to cover up the slew of negative ones that warn prospective downloaders.

If we listed every single malicious Android and iOS app that Meta discovered in its report, our fingers would fall off. Instead, you can find a full list of the apps here

Interestingly, most of the malicious Android apps claimed to be photo and video editors; we spotted a slew of VPNs, too. Conversely, most of the nasty iOS apps pretended to be FB analytics tools.

Meta recommends that users enable two-factor authentication, preferably using an authenticator app (e.g. Google Authenticator), to add an extra layer of security in case your account gets compromised. You should also turn on log-in alerts. This way, you'll be notified about any strange, unfamiliar account logins.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!

Read more
Mark Zuckerberg wearing a pair of AR glasses
"Buckle up": Meta's Mark Zuckerberg warns of "intense" year filled with AI
Microsoft Copilot logo with AI sparkle symbol, "Hi, how can I help?" is written below.
Microsoft Copilot just helped me pirate Windows 11 — Here's proof
DeepSeek whale logo in the style of the TikTok logo.
The DeepSeek mania proves it's finally — finally! — time to talk about AI privacy
A keyboard with a button that says "SCAM?"
A years-long scam that began with fake Windows pop-ups ends with PayPal payments
DeepSeek whale logo in the style of the TikTok logo.
DeepSeek's success has painted a huge TikTok-shaped target on its back
DeepSeek AI chatbot on a phone
DeepSeek jailbreakers are tricking the chatbot into bad-mouthing the Chinese government
Latest in Antivirus & Cyber-security
TP-Link routers targeted by Chinese state-sponsored cyber attacks
TP-Link routers may face nationwide ban after 'significantly alarming' link to US cyberattacks
What is a VPN kill switch — and why you should use one
You need a VPN for school, here are 3 services we recommend
The AMD Ryzen and NVIDIA RTX stickers on the Acer Nitro 17
'You basically have to throw your computer away': Researchers explain AMD 'Sinkclose' vulnerability, but do you need to worry?
Google Search
This malware is posing as Google Authenticator using Google ads — here's how to protect yourself
Windows 10 BSOD saying "It's not you, it's me."
Microsoft reveals CrowdStrike outage could have a surprising long-term impact on everyday users
MANILA, PHILIPPINES - JULY 19: Long queues of passengers form at the check-in counters at Ninoy Aquino International Airport, amid a global IT disruption caused by a Microsoft outage and a Crowdstrike IT problem, on July 19, 2024 in Manila, Philippines. A significant global outage affecting Microsoft services, particularly Microsoft 365, has caused widespread disruptions across various sectors, including airlines, banks, and health systems. The outage was attributed to a glitch in CrowdStrike's "Falcon Sensor" software, which impacted Windows systems, leading to thousands of flight cancellations and operational chaos in multiple industries. Microsoft has reported that the underlying cause of the outage has been fixed, but residual effects continue to impact some users as the company works on full recovery. (Photo by Ezra Acayan/Getty Images)
The CrowdStrike outage spotlights major vulnerabilities in the global information ecosystem
Latest in News
A close-up of a light-colored computer keyboard shows the keys T, Y, G, and H replaced by the logos of OpenAI, DeepSeek, Grok, and Gemini, the leading competitors in the artificial intelligence market. This serves as a visual metaphor for the intense rivalry and innovation in the AI industry. (Photo by Matteo Della Torre/NurPhoto via Getty Images)
Is generative AI inadvertently reducing the voices of many to the banality of one?
Asus ROG Ally Z1 on a brown table with the game Unpacking played on screen.
Handheld gaming PCs have a Windows problem — but maybe not for long
WWDC 2025 could mark the beginning of the end for certain iPhone users
Error when installing Google Chrome on the Asus Vivobook 16 Flip, on a white desk against a blue background.
"This app can't run on your PC": Google's Chrome Installer broke on Windows, but there's a fix
Nintendo Switch 2 handheld gaming console
Nintendo Switch 2 preorder date: It might be a lot closer than you think, say tipsters
Microsoft Surface Laptop (7th Edition, 2024)
Windows-on-Arm woes: Amazon warns customers about Surface laptop returns