Meta Platforms Inc. said it has identified about 400 malicious apps that steal the login information of Facebook users.
The apps were available through the app stores of Apple Inc. and Alphabet Inc.’s Google Play, Meta said Friday. The company said it informed Apple and Google about the malicious apps. Meta has also begun notifying users that may have had their accounts compromised.
Apple said it removed the 45 malicious apps from its app store that were identified by Meta.
Google identified and removed a majority of the problematic Android apps throughout the year before Meta’s notification, a Google spokesperson said. All of the apps have now been removed, the spokesperson said.
Meta shares fell 3% Friday in late-morning trading.
The apps were disguised as photo editors, games and business apps, Meta said. There are many legitimate apps that offer similar features, the company said, noting that cybercriminals know these apps are popular and try to mimic them to trick people and steal their accounts and information.
After a user downloads the fake app, the app asks users to log in with Facebook using their usernames and passwords. If the information is stolen, attackers could gain access to a person’s account and access private information, Meta said.
The company said users should be wary of any app that doesn’t work without providing a Facebook login and password.
Meta recommends users change their passwords and enable two-factor authentication if they believe they have downloaded a malicious app.
