In every case, Facebook was the primary target. But the hackers had the capability to steer users toward other password-protected services. They chose Facebook passwords.
There were five malware variants all using the same JavaScript code and configuration file formats to grab private information.
Once the user logged in to the application, the app also stole cookies from the current authorized session, which were in turn sent to cybercriminals.
Get rid of the malware apps
If you are running one of the nine apps listed above, you need to remove them. The first action is to uninstall the offending application.
If you used Facebook verification login with the app you also need to reset your Facebook password. Run a scan with antivirus software. That helps to find other apps using Malware. And to assure the app removal was successful.
You also need to turn on two-factor authentication for every site possible. And pair it with a password manager. This will help you generate and store unhackable passwords more securely. And even if your private password is leaked, two-factor authentication is the first line of defense against future hackers.
