These 400 malicious Android and iOS apps can hack your Facebook — delete them now

Green skull on smartphone screen.
(Image credit: Shutterstock)

Update: Over 1 million Facebook users' passwords compromised — what to do now.

Having your Facebook account hacked can throw your social life into turmoil, which is why you need to be extra careful online to avoid falling victim to phishing attacks. However, phishing isn’t the only way that hackers can gain access to your credentials and steal your accounts.

Malicious apps posing as legitimate apps are another threat to watch out for. In fact, new research from Facebook’s parent company Meta has revealed that its security researchers have identified more than 400 malicious Android and iOS apps on the Google Play Store and Apple App Store in this year alone.

While malicious apps often find their way onto third-party app stores since they have less restrictions in place, sometimes these bad apps slip past Google and even Apple’s defenses which is why you should always exercise caution when downloading any new app.

Malicious apps hiding in plain sight

According to a new Meta blog post, the 400 malicious apps discovered by its security researchers were disguised as photo editors, games, VPN services, business apps and other utilities. 

Photo editing apps were the most dangerous as they made up 42.6% of the 400 malicious apps followed by business apps (15.4%) and utilities (14.1%). 

In order to increase how many people download their malicious apps, the cybercriminals behind them publish fake reviews on the Play Store and App Store to help boost their ratings. When someone discovers one of these apps is actually malicious, their creators flood the app’s listing page with fake reviews in an attempt to hide the negative reviews.

Delete these apps now

Fortunately, all of the apps in question have since been removed from both the Play Store and App Store. After discovering them, Meta’s researchers reached out to Google and Apple to have them taken down so that more users wouldn’t be tricked into downloading them and having their Facebook accounts stolen.

Still though, if you have any of the apps listed below installed on your devices, you will need to manually delete them. These are just a few of the 400 malicious apps and you can find the full list on Meta’s blog post.

Android apps

  • Apex Race Game
  • Video Converter Master
  • Acetoon Photo Cartoon
  • ZodiHoroscope – Fortune Finder
  • Unblocked Website
  • Cool Photo Editor
  • Cool Filter Editor
  • Text Camera
  • Perfect Photo Effects | Loop Photo
  • Beauty Camera
  • Beauty Camera Plus
  • Bamboo VPN
  • Candles VPN
  • Fast VPN Proxy
  • Speedy Vpn Tunnel
  • YouToon – AI Cartoon Effect
  • Videolancer – Pro Video Maker
  • All in one Doc Editor & Viewer
  • Instant Translator
  • Meta Optimizer – Ads Analysis
  • Astro Horoscope Guide 2022
  • Tower Defense Zone – Batmen Rush
  • Smart AppLock
  • Pulse Music Player
  • Rush Car 3D

iOS apps

  • Business ADS Manager
  • Ads Analytics
  • FB Adverts Optimization
  • FB Analytic
  • FB Adverts Community
  • Adverts Ai Optimize
  • Very Business Manager
  • FB Business Support
  • Fb Ads
  • Meta Optimizer
  • Business Manager Pages
  • Adverts Manager
  • Meta Adverts Manager
  • Ad Optimization Meta
  • FB Pages Manager
  • Business Ads
  • Meta Business
  • Business Suite Manager
  • FB Ads Cost
  • Business Ads Clock

How to protect your Facebook account from malicious apps

how to make yourself anonymous on Facebook

(Image credit: Shutterstock)

When it comes to staying safe from malicious apps, the first thing you should do is ask yourself whether or not you really need the app. From there, keep in mind that if an app seems too good to be true, it probably is.

If you do decide to download a new app, you should look for external reviews that aren’t on the Play Store or App Store as they can be easily faked. Video reviews can be a great resource as they can show you whether or not an app does what it claims. 

For those with one of the best Android phones, you also need to look out for the types of permissions an app requests. For instance, does that flashlight app really need access to your contacts in order to work? Most likely not. At the same time, you should also ensure Google Play Protect is enabled on your devices as it can help protect against malware and other threats. Installing one of the best Android antivirus apps is also a good idea, especially if you frequently install new apps.

As Meta points out, you should also be wary of an app that asks you to login with your Facebook credentials in order to work. This is a major red flag, and in this case, you should delete the app immediately. It’s true that many legitimate apps and websites offer single sign-on by letting you log on with your Facebook account, but sometimes the risk outweighs the convenience. It may be worth creating a new account for an app when possible instead of logging in with your Facebook credentials. (And if Facebook is the only way you can sign in, don’t walk away  —  run.)

What to do if you've downloaded a malicious app

smartphone malware

(Image credit: Shutterstock)

If you’ve downloaded one of the apps in question and have since logged in with your social media or other account credentials, you will need to delete the app as well as take several steps to help secure your accounts.

First off, you should reset all of your passwords, especially if you reuse the same password across multiple accounts (something you absolutely shouldn’t be doing in the first place). You can then use one of the best password managers to create strong and unique new passwords for all of your accounts and store them securely.

Enabling two-factor authentication (2FA) is also recommended as doing so adds an extra layer of security to your accounts and makes it harder for hackers to take them over. At the same time, you should enable log-in alerts so that you’ll get a notification when someone tries to access your accounts. Signing up for one of the best identity theft protection services can also help you quickly recover from having your identity stolen after installing a malicious app.

Finally, Meta has its own Security Checkup Tool that you can use to help further secure your Facebook account. However, you will need to login to your Facebook account in order to use it.

Malicious apps continue to be a major problem on Android but they can also affect iPhone users as well. If you really want an app, paying for it makes more sense than searching for a free alternative since the consequences of downloading a malicious app can be quite devastating.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.