Facebook says it has discovered hundreds of malicious mobile apps abusing its single sign-on (SSO) feature to steal people’s login credentials.
Although Google and Apple, operators of the world's two largest mobile app stores, have been notified of the apps, users who have already installed them remain at risk until the apps are deleted.
In a blog post, the social media giant explained that it has identified more than 400 malicious apps on Android and iOS. They range from fake VPNs to photo editors, mobile games, business applications, utility applications, and health and lifestyle services.
Dangerous mobile apps
Upon installation, these apps require users to "Sign in with Facebook" before any of their features can be used. Doing so hands the entered credentials to the attackers, who can then use the hijacked accounts however they see fit.
A hijacked account may be used to distribute malware, launch second-stage ransomware attacks, take over pages and groups the account was managing, amplify fake news, or boost fraudulent apps with positive reviews.
Photo editor apps are by far the most popular, making up 42.6% of the entire collection. Commercial utility applications come in second with 15.4%, followed by telephone utility services (14.1%).
While most of these apps are found only on third-party app repositories and standalone websites (which should itself be a cause for concern), some manage to bypass the security measures set up by Google and Apple and end up in the Play Store and App Store. Facebook has removed all of the apps listed in the official stores, but for those distributed elsewhere it can do little at the moment.
To guard against such apps, Facebook suggests users look for "alarm flags" that distinguish malicious apps from legitimate ones: an app that demands social media credentials before it will run, a poor or absent reputation, or promised features that seem implausible.
The full list of applications can be found in Facebook's blog post.