Date: 2022-10-09

The social media giant has named 400 apps, from beauty filters to games and horoscopes, which have been stealing logins and passwords.

Facebook says that up to 1m people may have had their logins and passwords stolen and misused by beauty apps, photo-editors, games and other ‘rogue’ apps in the two main app stores.

The social media giant has named 400 apps, including beauty filters, utilities such as torch apps, VPNs and business management apps in Android’s Play Store and Apple’s App Store.

The company says that the rogue apps could give attackers “full access to a person’s account”, allowing them to initiate cash-appeal scams. The stolen credentials could also be used to access other services that use Facebook logins as an entry.

The company says it has removed the rogue apps and is contacting affected individuals.

“We identified more than 400 malicious Android and iOS apps this year that target people across the internet to steal their Facebook login information,” said David Agranovich, director of threat disruption at Facebook.

“We reported our findings to Apple and Google and are helping potentially impacted people to learn more about how to stay safe and secure their accounts.”

“When a person installs the malicious app, it may ask them to log in with Facebook before they are able to use its promised features,” he said.

“If they enter their credentials, the malware steals their username and password.”

Some of the rogue apps claim to allow you to “turn yourself into a cartoon”. Other names, such as ‘Cool Filter Editor’ and ‘Beauty Camera Plus’, promise filters and effects.

Facebook says that its list includes rogue VPN apps, such as Fast VPN Proxy, which claim “to boost browsing speed or grant access to blocked content or websites”.

And the list (which Facebook has published here) includes phone utilities such as torch or flashlight apps that claim to brighten your phone’s torch facility.

It also includes health and lifestyle apps such as horoscopes and fitness trackers. Business or ad management apps that claim to provide hidden or unauthorised features not found in official apps are also named.

Facebook has urged people to watch out for some telltale signs of an app’s scam intentions.

“Is the app unusable if you don’t provide your Facebook information? For example, be suspicious of a photo-editing app that needs your Facebook login and password before allowing you to use it.”

It also advises checking whether the app is reputable. “Look at its download count, ratings and reviews, including negative ones.”

General advice for people seeking to protect themselves also includes regularly changing passwords and enabling two-factor authentication, which requires anyone seeking to log in to an account to use a one-time code sent to a different email address or SMS number.

“Turn on log-in alerts so you’ll be notified if someone is trying to access your account,” the company adds. “Be sure to review your previous sessions to ensure you recognise which devices have access to your account.”