Meta’s security team has identified more than 400 malicious Android and iOS apps available in the official Apple and Google app stores designed to steal Facebook account credentials.
The malicious apps were disguised as photo editors, games, VPN services, phone utilities, business apps and health and lifestyle apps such as horoscopes and fitness trackers.
Meta said it notified both Apple and Google about the offending applications and they have been removed from the app stores. Facebook’s owner said that more than one million users installed the apps and that it is currently alerting people who may have unknowingly self-compromised their accounts by downloading these apps. The full list of the malicious apps is available in Meta’s report.