Over 400 malware apps dodged app store privacy checks, Meta warns

A magnifying glass showing the word malware
(Image credit: Shutterstock)

A new report from Meta has found more than 400 malicious applications for both Android and iOS designed to steal users' Facebook credentials. 

From camera editor software to VPN services, these apps managed to evade detection and feature in allegedly secure official app stores. Both Apple and Google reacted to these findings, taking them down from Apple's App Store and Google's Play Store respectively.

However, all this makes it clear how cybercriminals have refined their craft, developing malware applications that more and more closely resemble legit software. 

Even if you are securing your data with tools like the best VPN services, anybody can be tricked into downloading a fake tool and exposing their personal information.

Fake apps to infiltrate people's social media accounts

As the report shows, malware apps operate in a very simple way. Asking for users' Facebook credentials as the only option to start using such tools, hackers can easily steal people's usernames and passwords to then infiltrate into their social media accounts. 

"Our sense here is that this wasn't kind of a specific geographically targeted thing. This was more an attempt to just get access to as many login credentials as possible," said David Agranovich, Meta’s director of threat disruption, during a press briefing, reported by Forbes.

Man scrolling through Google's Play Store on smartphone

(Image credit: senengmotret / Shutterstock.com)

Among these 400+ dangerous apps, the most afflicted (over 42%) were photo editors. These were followed by business and phone utility tools, like some flashlight apps for example, comprising almost 30% of the threats. More than 11% were allegedly secure VPN software claiming to help you bypass online censorship and pump up your browsing speeds. Other fake applications also included games and lifestyle services such as horoscopes and fitness trackers.

Meta suggests that malicious developers might create these fake apps with a "fun or useful functionality" at its core in order to attract more users.  

They may publish fake positive reviews to boost apps' credibility, while trying to hide negative feedback pointing out their harmful nature.  

Even though both Apple and Google have now removed such applications from their online stores, Agranovich assured that Meta would be warn the one million users who had come into contact with the applications in case their information had been compromised.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com