More than 400 malicious Android and iOS apps have been identified by meta security researchers on the official Apple and Google app stores, aiming to hijack Facebook users’ login information. It has been observed that these malicious applications are disguised as photo editors, games, VPN services, business applications, and other utilities.
The campaign chain starts with malware developers creating malicious mobile apps disguised as apps with fun or useful functions. Threat actors, who have begun publishing developed malicious applications on official application stores, may publish fake reviews and comments to cover up the negative comments of people who detect that the applications are malicious. With the installation of any of these applications, users are faced with a “Facebook Login” request before using the promised features. If users log in with their login information, the malicious application captures the entered user name, e-mail, and password information. It can use login information obtained by threat actors for various activities such as providing full access to people’s Facebook accounts, sending fake/spam messages to one’s friends, accessing private information, and fraud.
There are also many legitimate apps that offer the features listed above and require you to securely log into Facebook. In order to distinguish malicious apps from legitimate apps, there are a few important things to consider before logging into a mobile app with your Facebook account;
- If social media credentials are requested to use the application, it is important for users to check whether the application can be used without providing their Facebook information. For example, a photo editing app that requires your Facebook login and password before allowing you to use it has the potential to be harmful.
- App reputation, though imprecise, provides insight into whether the app is malicious before it is downloaded. Therefore, app reviews, downloads, and ratings, including negative ones, should be checked.
- It should be checked whether the application provides the promised functionality before or after login.
Considering these issues, users who suspect they have been affected by a malicious mobile application with the above features should take the following steps immediately.
- The app should uninstall from the device.
- Login information of social media accounts used in the application should be changed by applying strong password policies.
- Two-factor authentication mechanisms must be enabled.
- Login alerts should be enabled to detect unauthorized access attempts by unknown parties.