Meta Flags Malicious Android, iOS Apps Affecting 1M Facebook Users

Published: 23/11/2024   Category: security




Some 400 mobile apps have posed as legitimate software on Google Play and the Apple App Store over the past year, and were designed to steal Facebook user credentials.



Facebook is contacting about 1 million users of its platform about their account details potentially being compromised by malicious Android or iOS applications.
In a blog post on Oct. 7, Facebook's parent company Meta said its researchers had detected 400 malicious Android and iOS apps over the past year that were designed to steal usernames and passwords belonging to Facebook users and to compromise their accounts. The poisoned apps were uploaded to Google's and Apple's app stores and masqueraded as legitimate games, VPN services, photo applications, and other utilities.
When users downloaded and attempted to use one of the malicious apps, it would prompt them to enter their Facebook username and password. If a user entered their credentials, attackers would gain full access to the individual's account, private information, and their friends on the social media platform, Meta said.
"This is a highly adversarial space, and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores," David Agranovich, Meta's director of threat disruption, and Ryan Victory, malware discovery and detection engineer, wrote in the blog post.
Meta reported the apps to Apple and Google, and the researchers noted, "We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials and are helping them to secure their accounts."
Many of the iOS and Android apps that Meta detected on Apple's and Google's mobile stores purported to have some fun or useful functionality, like music players and cartoon image editors. A plurality (42%) posed as photo editors, some of which claimed they could turn a user's photo into a cartoon.
About 15% purported to be business utilities, such as VPNs that claimed to help users access blocked content and websites or to boost their Internet browsing speeds; 14% were phone utilities, such as flashlight apps that purportedly helped brighten the phone's flashlight.
Mobile games accounted for about 11% of the 400 or so malicious apps that Meta's researchers discovered. Fake reviews might have helped boost the reputation of some of these apps and helped hide potential negative reviews of these apps, Meta said.
Facebook did not say how many of the 400 apps were Android-based. But Apple said that out of the 400 total apps mentioned in Meta's blog post, 45 were on iOS, leaving 355 for Android.
A Google spokesman says all the apps identified in the Meta report are no longer available on Google Play. Users are also protected by Google Play Protect, which blocks these apps on Android, he said.
Apple also confirmed that the apps were removed from the App Store.
