Over 400 malware apps dodged app store privacy checks, Meta warns

A magnifying glass showing the word malware
(Image credit: Shutterstock)

A new report from Meta has found more than 400 malicious applications for both Android and iOS designed to steal users' Facebook credentials. 

From camera editor software to VPN services, these apps managed to evade detection and feature in allegedly secure official app stores. Both Apple and Google reacted to these findings, taking them down from Apple's App Store and Google's Play Store respectively.

However, all this makes it clear how cybercriminals have refined their craft, developing malware applications that more and more closely resemble legit software. 

Even if you are securing your data with tools like the best VPN services, anybody can be tricked into downloading a fake tool and exposing their personal information.

Fake apps to infiltrate people's social media accounts

As the report shows, malware apps operate in a very simple way. Asking for users' Facebook credentials as the only option to start using such tools, hackers can easily steal people's usernames and passwords to then infiltrate into their social media accounts. 

"Our sense here is that this wasn't kind of a specific geographically targeted thing. This was more an attempt to just get access to as many login credentials as possible," said David Agranovich, Meta’s director of threat disruption, during a press briefing, reported by Forbes.

Man scrolling through Google's Play Store on smartphone

(Image credit: senengmotret / Shutterstock.com)

Among these 400+ dangerous apps, the most afflicted (over 42%) were photo editors. These were followed by business and phone utility tools, like some flashlight apps for example, comprising almost 30% of the threats. More than 11% were allegedly secure VPN software claiming to help you bypass online censorship and pump up your browsing speeds. Other fake applications also included games and lifestyle services such as horoscopes and fitness trackers.

Meta suggests that malicious developers might create these fake apps with a "fun or useful functionality" at its core in order to attract more users.  

They may publish fake positive reviews to boost apps' credibility, while trying to hide negative feedback pointing out their harmful nature.  

Even though both Apple and Google have now removed such applications from their online stores, Agranovich assured that Meta would be warn the one million users who had come into contact with the applications in case their information had been compromised.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Read more
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
One phone with skull and crossbones on screen among several other clean-looking phones.
Malicious iPhone apps are spreading screenshot-reading malware on the Apple App Store — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
A hacker typing quickly on a keyboard
Thousands of WordPress sites hijacked to spread Windows and Mac malware - how to stay safe
Malware
New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe
Google Play logo on an android smartphone with corner hole punch camera
At least 5 North Korean spy apps have been found on Google Play — what you need to know
Latest in Malware & Adware
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
Apple Watch Series 10
Future Apple Watch models could get a surprising new feature — what we know
NYTimes Connections
NYT Connections today hints and answers — Monday, March 24 (#652)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #386 (Monday, March 24 2025)
iPhone 16 Pro vs iPhone 16 Pro Max in hand showing displays
Forget iPhone 17 — iPhone 18 could get this huge upgrade
The new Husqvarna iQ series robot lawn mower.
Husqvarna’s new robot mowers offer GPS for less
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know