Malicious Android apps try to hijack your Facebook account


These apps try to collect Facebook data like your ID, location, IP address and related cookies, says Zimperium.


Savvy cyber criminals often use social engineering to trick people into installing malware or disclosing sensitive information. A malicious campaign uncovered by wireless operator Zimperium used malicious Android apps that relied on social engineering tactics to gain access to victims’ Facebook accounts.


The malicious apps, which were initially available through both Google Play and third-party stores, have surfaced in at least 140 countries since March 2021 and hit more than 10,000 victims, Zimperium said in a blog post on Monday. After Zimperium informed Google about the apps in question, the company removed them from Google Play. However, they are still available in third-party stores, which means that they pose a threat to users who download apps from unofficial sources.

The apps work by deploying an Android Trojan, codenamed FlyTrap by Zimperium. The attackers begin by getting users to download the apps, using high-quality graphics and accurate login screens.

Once installed, the apps try to engage users by displaying come-ons designed to pique their interest. These include a Netflix coupon code, a Google AdWords code and a promotion asking you to vote for your favorite football team for the UEFA Euro 2020 games.

Users who engage with one of the come-ons are then shown the Facebook login page and asked to log into their account in order to collect the voucher code or to cast their vote. Of course, there is no actual code or voting. Instead, a message appears stating that the coupon has expired and is no longer valid.

Once it has access to a victim’s Facebook account, the Trojan takes action by opening a legitimate URL and using a bit of JavaScript. By injecting malicious JavaScript code, the Trojan can access and extract the user’s Facebook account details, location, IP address and cookies. As an additional threat, the Command & Control server operated by the attackers contains security holes that make all stolen session cookies accessible to anyone on the Internet.
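For analysts triaging a suspect APK, the behavior described above (a legitimate Facebook URL opened inside the app, JavaScript injected into it, cookies read out) can be flagged statically. The following Python check is an added example, not Zimperium's tooling or code from the campaign; it assumes the app uses an Android WebView and scans decompiled Java source for the Android APIs involved. The sample sources, verdict names and thresholds are constructed for illustration.

```python
import re

# Real Android framework calls; grouping them into verdicts is this example's assumption.
INDICATORS = {
    "js_enabled": re.compile(r'\.setJavaScriptEnabled\(\s*true\s*\)'),
    "loads_facebook": re.compile(
        r'\.loadUrl\(\s*"https?://(?:[\w-]+\.)*facebook\.com[/"]'),
    "js_injection": re.compile(
        r'\.evaluateJavascript\(|\.loadUrl\(\s*"javascript:'),
    "js_bridge": re.compile(r'\.addJavascriptInterface\('),
    "cookie_read": re.compile(r'\bgetCookie\('),
}

def scan_source(text):
    """Return {indicator: [1-based line numbers]} for one decompiled source file."""
    hits = {name: [] for name in INDICATORS}
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in INDICATORS.items():
            if rx.search(line):
                hits[name].append(lineno)
    return hits

def verdict(hits):
    """'high' when all three stages co-occur, 'review' for a partial match."""
    opens_fb = bool(hits["loads_facebook"])
    injects = bool(hits["js_injection"] or hits["js_bridge"])
    reads_cookies = bool(hits["cookie_read"])
    if opens_fb and injects and reads_cookies:
        return "high"
    if opens_fb and (injects or reads_cookies):
        return "review"
    return "none"

# Constructed samples (not taken from any real app).
SUSPECT = """\
WebView w = new WebView(this);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://m.facebook.com/login.php");
w.evaluateJavascript(script, null);
String c = CookieManager.getInstance().getCookie(url);
"""
BENIGN = """\
WebView w = new WebView(this);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://example.org/help");
"""

if __name__ == "__main__":
    for label, src in (("suspect", SUSPECT), ("benign", BENIGN)):
        found = scan_source(src)
        print(label, verdict(found), {k: v for k, v in found.items() if v})
```

A URL built at runtime or held in a constant will not match the literal-string pattern, so a "none" verdict here is not a clean bill of health.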

To help Android users protect themselves from such malicious apps, Richard Melick, Zimperium’s Director of Product Marketing for Endpoint Security, shares a few tips:

Avoid installing mobile apps from unofficial sources. Although Google removed some of the malicious apps from its Google Play Store, many are still available through third-party stores and social media where they can spread quickly. Therefore, users should avoid sideloading apps or installing them from untrusted sources. Apps accessible in this way have likely not passed security scans and could more easily contain malicious code.

Be vigilant about mobile app activity and requests. Note that when you grant an app’s request to connect to one of your social media accounts, the app has full access and control over certain important information.

Remove any suspicious apps. If you think an app is compromising your data, delete it from your device immediately. If you’ve added the app on Facebook, follow the company’s instructions to remove the app and its related data.
