Meta Warns Login Details Of Over 1 Mn Facebook Users Compromised, 400 Malicious Apps Found

According to the company, it has reported its findings to Google and Apple and helped potentially impacted people to learn more about how to remain safe.

Meta recently disclosed details of hundreds of malicious Android and iOS applications. All of the apps were disguised as legitimate software and were available in the Apple and Google app stores. Whatever their descriptions and reviews claimed, they were created with the intention of stealing user information.

Both Apple and Google were notified of the problem after Meta researchers discovered over 400 malicious apps on their respective app platforms. The apps in question allowed users to log in or access additional features through their Facebook account. When the user's credentials were entered, they were stolen and used to gain unauthorised access to the victim's data.

Facebook's developer documentation includes design, implementation, and user experience guides for adding Facebook login functionality to a new app. The login flow is well known, and legitimate apps such as Pinterest and Instagram use it. The illegitimate apps named in Meta's report relied on users' familiarity with that flow as one of several methods to convince users they were safe and legitimate when logging in.

Meta's statement explained how malicious developers took advantage of the popular login functionality. After publishing an app, they would post fake reviews to establish initial credibility or to bury unwanted negative reviews. Unwary users would then install the apps and enter their Facebook credentials to access the app's content or to connect it to their Facebook account. At this point, the app's malware would capture the submitted login credentials, giving unauthorised third parties access to all of the user's account information, photos, and so on.

The apps delivered on their promises, bolstering their credibility as legitimate software. Photo filter apps accounted for more than 40% of all identified malicious apps, according to Meta's findings. The remaining 60% spanned various phone utility, business, gaming, VPN, and lifestyle categories.

The announcement includes several questions and telltale signs that can help readers identify fraudulent applications. It also links to a GitHub repository where developers and security engineers can examine the associated threat indicators. Affected users are advised to reset their passwords, enable two-factor authentication, and enable login logging so that unauthorised login attempts can be monitored.