According to a report released earlier this month, in 2022 alone, Meta detected over 400 apps that were designed to fool users into revealing their Facebook and Instagram login credentials.

About the report

Meta’s research team discovered a variety of applications in both the Android and Apple app stores that ask users to log in to Facebook or Instagram after downloading in order to access all of the apps’ features. In reality, the apps steal the credentials in order to access users’ private information. Most of the malicious apps pose as photo-editing apps, but some also pretend to be games and even VPNs. While it’s fairly easy for users to detect the majority of the scam applications due to poor UI design, Meta has shared the list of malicious applications with Google and Apple, and is warning people to be on the lookout.

Alongside the report, the Meta team also shared the following advice:

“Malware apps often have telltale signs that differentiate them from legitimate apps. Here are a few things to consider before logging into a mobile app with your Facebook account:

  • Requiring social media credentials to use the app: Is the app unusable if you don’t provide your Facebook information? For example, be suspicious of a photo-editing app that needs your Facebook login and password before allowing you to use it.
  • The app’s reputation: Is the app reputable? Look at its download count, ratings and reviews, including negative ones.
  • Promised features: Does the app provide the functionality it says it will, either before or after logging in?”

If users think they may have downloaded a malicious app, Meta recommends that users “delete the app immediately, reset their Facebook [or Instagram] password and enable 2-factor authentication.”