Uninstall these malicious mobile apps now, Facebook warns
Fake mobile apps are trying to steal login credentials
Facebook says it has spotted hundreds of malicious mobile apps that abuse its single sign-on (SSO) feature to steal people’s login credentials.
While it has reported the apps to Google and Apple, the operators of the world’s two largest mobile app stores, users who have already installed these apps will remain under threat until they are deleted.
In a blog post, the social media giant explained it identified over 400 malicious apps on Android and iOS. These apps range from fake VPNs to photo editors, mobile games, business apps, utility apps, and health and lifestyle services.
Dangerous mobile apps
When installed, the apps in question require users to “log in with Facebook” to use their features. However, doing so results in data being stolen, allowing threat actors to use the victims’ accounts for whatever they see fit.
Sometimes, threat actors would use Facebook to distribute malware and viruses, launch stage-two ransomware attacks, take over pages and groups the compromised account was administrating, amplify fake news, or boost fraudulent apps with positive reviews.
Photo editor apps are by far the most popular type, comprising 42.6% of the entire batch. Business utility apps are second with 15.4%, followed by phone utility services (14.1%).
While most of these apps can only be found on third-party app repositories and standalone websites (which should be cause for concern, to begin with), some manage to bypass security measures set up by Google and Apple, and end up getting listed on the Play Store and App Store. Facebook managed to get all the apps listed on official repositories removed, but for the others it can’t do much right now.
To protect against such apps, Facebook suggests users look for “telltale signs” that differentiate malicious from legitimate apps, including requiring social media credentials to run, the app’s reputation, or promised features.
The full list of the apps can be found here.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.