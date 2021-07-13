Be Wary of These Malicious Apps That Can Steal Your Facebook Login Credentials; What Should You Do?

Dr. Web’s security researchers and malware analysts uncovered nine apps that have been stealing Facebook passwords, with a total download of over 5.8 million. While Google has already removed them and punished the developers, some users may have been exposed.

Facebook users can protect their privacy and security by following these simple rules and tricks. They should first check if they are running any of the rogue apps that Google has removed. PIP Photo, Processing Photo, Rubbish Cleaner, Inwell Fitness, Horoscope Daily, App Lock Keep, Lockit Master, Horoscope Pi, and App Lock Manager are among the apps included in this category.

If any of these apps are installed on Facebook, they should be removed immediately. Users must reset their passwords as soon as possible if the apps asked them to agree to the terms and conditions. It’s also critical that users remain cautious at all times.

To detect apps with harmful code, Facebook users should use a reputable and trusted anti-virus solution. They should also avoid linking third-party services like Facebook with any apps available on the Play Store if at all possible. The Google Play store is simple to gain access to, and any developer can simply resubmit their product once it has been removed.

Most significantly, users must enable two-factor authentication on Facebook. Two-factor authentication will safeguard users from malicious actors and attackers if their passwords are disclosed online. They could even use it in conjunction with a password manager to boost security.

Facebook users were worried a few days ago when malware specialists at Dr. Web reported on “stealer trojans” being pushed as harmless apps. They were downloaded by about 6 million people. Exercise and training, junk file cleanup, and photo editing and framing were among the legitimate services offered by the apps.

By logging into their Facebook accounts, these malicious apps allow users to block in-app adverts. “Advertisements inside some of the apps were actually present,” according to the experts, “and this tactic was designed to further entice Android device owners to execute the essential actions.”

Those who choose this option will see the regular Facebook login page, but the page will be displayed in WebView.

The hackers then “loaded JavaScript obtained from the C&C server into the same WebView,” according to Dr. Web. The entered login credentials were instantly hijacked using this script.”

According to the analysts, this JavaScript would use “the methods supplied.” Brief News from Washington Newsday.