Remembering your username and password for a service or app can be challenging. You should always use a complex password, but many people forgo the advice and use easily crackable ones. This can have dangerous consequences, especially if you use the same credentials for multiple accounts.
Big Tech companies and social media sites make things more dangerous by letting you sign into other apps and services using one set of credentials. For example, you can sign into games or apps on Facebook with your Facebook login data.
Read on to find out how Facebook’s parent company Meta found hundreds of apps that abuse the technology.
Here’s the backstory
Whether you use an Android or iOS phone, you can use your Facebook or Google credentials to sign into many apps and services.
But Meta recently found over 400 Android and iOS apps that abuse this convenient way of signing in. The apps claim to be anything from photo editors and VPN services to phone utilities and mobile games. But they all have one goal: to steal your Facebook login details.
It begins with fake apps disguised as fun games or functionality tools published on app stores but created to spread malware, Meta explains.
After you install a malicious app, it asks you to sign in with your Facebook credentials before proceeding. If you supply the information, the malicious app sends it to the criminals.
This gives them full access to your Facebook profile, where they can spread spam through messages or access confidential details. They can even steal personal information from your page and create another profile pretending to be you to trick friends and family.
While Meta didn’t disclose the malicious apps’ official names, it provided some statistics. Over 40% of the malicious apps are photo editors, 15% are business and phone utilities, 11% are mobile games, and just over 11% are virtual private networking apps.
What you can do about it
Meta said it sent the findings to Google and Apple and contacted people who may have unknowingly self-compromised their accounts by downloading malicious apps.
Here are some ways to stay safe from apps hiding malware:
- Don’t sign into apps or services using credentials from Facebook, Google or another service. Create strong, unique passwords for every online account.
- Only download apps from official app stores and never from third-party libraries.
- Before downloading an app, read its reviews and check the ratings to ensure they are genuine. Some scammers publish many fake reviews to hide negative comments.
- Where possible, enable two-factor authentication on all your accounts. This creates another layer of security where you must approve a login attempt.
- Always have a trusted antivirus program updated and running on all your devices.