Meta is warning Facebook users that dozens of “malicious mobile apps” have infiltrated users’ iPhones via the App Store. Security researchers have found hundreds of apps that “were designed to steal Facebook login information and compromise people’s accounts” and could have compromised more than a million logins.

While the company has uncovered more than 400 apps in total, only about 50 are from the iOS App Store, and all have been removed for sale. Meta reports that the apps, which were listed on the Google Play Store and Apple’s App Store as legitimate apps, were “disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them.”

The majority of apps were photo editors, specifically “those that claim to allow you to turn yourself into a cartoon,” followed by games, flashlight brightening apps, and VPNs. When installed on an iPhone, the apps ask users to Login With Facebook before they can use it. Once they do, hidden malware will steal their username and password and could use it to gain full access to their account.

Meta says users who have downloaded the apps should delete them from their phone and change their Facebook password. The company also recommends enabling two-factor authentication and turning on login alerts so as to get notified if someone is trying to access your account. The company estimates that more than a million users may have fallen victim to the fake apps.

These are the apps that Meta has identified as malicious:

iOS App ID App Name
1555651942 FB Advertising Optimization
1561642325 Business ADS Manager
1563142182 Ads Analytics
1564091908 FB Adverts Optimization
1566705026 FB Analytic
1566706023 FB Adverts Community
1574530186 Adverts Ai Optimize
1587056055 Very Business Manager
1591775710 FB Business Support
1593368297 Fb Ads
1596775769 Meta Optimizer
1597553589 Business Manager Pages
1598946098 Adverts Manager
1600072709 Meta Adverts Manager
1600404846 Ad Optimization Meta
1601275530 FB Pages Manager
1602637866 Business Ads
1603255418 Meta Business
1603571287 Business Suite Manager
1604086670 FB Ads Cost
1607057895 Adverts Bussiness Suite
1608743187 Business Ads Clock
1609915932 Ads & Pages
1610859814 Business Suite
1610944161 Business & Ads
1612196202 Business Manager Overview
1613983385 Business Suite Ads
1619733733 Page Suite Manager
1622402517 Business Meta Support
1623362126 Pages Manager Suite
1625368035 Business Meta Pages
1626632781 Business Suite Ads
1626692617 Ads Business Knowledge
1629919774 Page Suite Managers
1631778308 Pages Managers Suite
1632069527 Ads Business Advance
1632606219 Pages Manager Suite
1633012933 Business Suite Optimize
1633016482 Business Manager Suite
1633078757 Business Suite Managers
1633828994 Ads Business Manager
1635045234 Ads Business Suite
1635301567 Business Manager Pages
1635555183 Business Adverts Manager
1636196931 Ads Manager Suite
1636825108 Business Manager Pages
1639572841 Ads & Business Suite

Affected users may receive an email from Facebook alerting them to a potentially compromised account, but anyone who may have downloaded one of the above apps should change their password immediately.


This content was originally published here.