In a recent press release, Meta shared a list of over 400 malicious Android and iOS apps specifically designed to steal Facebook login information. The company has also disclosed its findings to Apple and Google to help affected users protect their accounts.

These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them.


Some examples of malicious apps include:

  • Photo editors, including those that claim to allow you to ‘turn yourself into a cartoon’
  • VPNs claiming to boost browsing speed or grant access to blocked content or websites
  • Phone utilities such as flashlight apps that claim to brighten your phone’s flashlight
  • Mobile games falsely promising high-quality 3D graphics
  • Health and lifestyle apps such as horoscopes and fitness trackers
  • Business or ad management apps claiming to provide hidden or unauthorized features not found in official apps by tech platforms.

The complete list is available here.

How Do They Work?

As CyberNews explained, many malware apps are capable of avoiding detection and are designed to look entertaining or helpful. Usually, the developers of these apps post fake positive ratings to bury the negative ones and deceive users into downloading malware.


When a user installs the malicious app, they are asked to ‘log in with Facebook’ before they can access the promised features. This is how the attacker intends to gain complete control of the victim’s account.

There are many legitimate apps that offer the features listed above or that may ask you to sign in with Facebook in a safe and secure way. Cybercriminals know how popular these types of apps are and use these themes to trick people and steal their accounts and information.


How Can You Identify Them?

You can spot a malicious app by paying attention to some telltale signs. If the software requests your Facebook credentials, it can be a scam. Always pay attention to the number of downloads, ratings, and reviews for the app, particularly the negative ones.

If you suspect you may have been affected, Meta advises changing your passwords right away, enabling two-factor authentication, and enabling log-in alerts.


Additionally, the company encourages individuals to use its Data Abuse Bounty program to report malicious apps that compromise Meta accounts.

Author Profile

Madalina Popovici

Digital PR Specialist

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
