Facebook has identified over 400 malware apps that appear to have grabbed more than a million usernames and passwords. To counter the attacks, the company has now shared their findings with Google and Apple.

More than 400 apps have apparently secretly stolen the data of around one million Facebook users. The company made the announcement in an official blog post. The finding, meanwhile, comes from its crackdown on malicious mobile apps.

According to the report, the apps are available in the Apple and Google app stores and aim to compromise users’ Facebook accounts.

Malware apps disguised as useful apps

The malware was designed by third-party developers to appear funny or useful. Thus, the developers:inside smuggled the apps into the official stores.

For example, they drank them as mobile games, photo editing programs, fitness trackers, VPN services or even flashlight brighteners. In turn, to use the apps, users are supposed to log in with their social media access.

Mainly because there are also legitimate apps that ask for such logins, numerous users:innern apparently fell for it. In addition, the developers falsified customer ratings in order to cover up negative reviews.

One million Facebook users affected by malicious apps

If the hackers succeed in getting users to sign up, they potentially gain full access to the individuals’ account. They can also then send messages to their friends and access private information.

According to various media reports, about one million Facebook users have had their usernames and passwords sent to malicious apps in this way.

Meanwhile, Facebook is sending affected users a security notice and explaining how they can protect themselves from unwanted account attacks.

How users recognize malware apps

If an app requires a user’s login data to function, it is probably not authentic.

  • Users should check the reputation of the app before downloading it. In doing so, download numbers, ratings and reviews can indicate the legitimacy of the app. (Negative comments are a good sign that the comments are not fake).
  • Users should verify that the app really delivers what it promises, both with and without a login.
  • Users who fear that they have logged into a malware app should first delete the app from their device. At the same time, they should reset their Facebook password and choose a new, stronger login.

If possible, users should also use two-factor authentication for an additional security measure.

In addition, users should turn on login notifications. Thus, they will immediately receive a notification if an unauthorized person tries to use the Facebook account.

Facebook alerts Google and Apple to malicious apps

Facebook has already contacted Apple and Google to have the malicious apps removed from the stores.

We have shared our findings with industry peers, security researchers, and policymakers to improve our collective defense against this threat.

The social media platform has also published a list of all malicious apps. There, users can also find tips through which they can identify malicious applications. The company is also asking its users to report malicious apps online.

The malware apps have already been deleted, according to Google and Apple spokespeople.