Meta Platforms disclosed that they identified over 400 malicious apps on Android and iOS that targeted users with the end goal of stealing their Facebook login credentials.

“These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them,” the social media giant said.

In addition to the aforementioned apps, a majority of the iOS apps that were posing as legit were disguising themselves as ads manager tools for Meta and Facebook.

In addition to concealing its malicious nature as a set of seemingly harmless apps, the operators also posted fake positive reviews to offset the negative reviews left by legitimate users.

The apps used a “Login with Facebook” button to trick the users into supplying their credentials to the malicious actors.

“If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information,” the company said.

All of the malicious apps have been removed from both Android’s Play Store and the iOS App Store. A complete list of the apps can be viewed here.

It is critical to practice caution when downloading apps and granting them access to your accounts as a means to use them. You should at the very least verify the developers of an app before use.

The disclosure of these fraudulent apps comes shortly after Meta-owned WhatsApp filed a lawsuit against three companies based in Taiwan and China for allegedly misleading over a million users into compromising their accounts by distributing bogus versions of the app.

Story via The Hacker News