Malicious apps continue to proliferate online, and despite heightened security on Google Play and the Apple App Store, hundreds of these apps managed to get installed and stay hidden on hundreds of thousands of mobile phones, most of them stealing passwords.

A new report revealed that over 400 malicious apps disguised as business apps, photo editors, VPNs, games and other utilities target Facebook login information and endanger users' accounts. "Our security researchers have found over 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people's accounts," Facebook said in its latest blog.

"These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them," the platform's Threat Disruption reported. But how do these malicious apps harvest users' login information?

According to Facebook, malicious actors develop malware apps that appear to offer useful or fun functionality, like "cartoon image editors or music players," and publish them on mobile app stores. Although mobile app stores carry reviews so that people who have tried a product can give feedback, Facebook said malicious actors review-bomb the apps with positive but fake reviews to trick users into "downloading the malware."

Following installation, the app will ask users to "Login With Facebook" before giving them access to the app and its features. If users key in their credentials, the malicious software or app will steal their username and password.

Facebook discovered that 42.6% of these malicious apps are disguised as photo editors, 15.4% are business utility apps, 14.1% are phone utility apps, 11.7% are games and VPNs, and 4.4% are disguised as lifestyle apps.

If you think you have downloaded any of the malicious apps, Facebook shared several tips to secure your account. The first is to "reset and create new strong passwords. Never reuse your password across multiple websites." The platform also recommended enabling "two-factor authentication, preferably using an Authenticator app, to add an extra security layer to your account."

Finally, Facebook said users should "turn on log-in alerts so you'll be notified if someone is trying to access your account. Be sure to review your previous sessions to ensure you recognize which devices have access to your account."
