Tech news from MIST

New Android Malware Hacks Thousands of Facebook Accounts

Frauds and Scams

Jinit Jain

August 9, 2021

Winning coupon codes for Netflix or Google AdWords? Voting for your favourite football team? Could either affect your social media account? Beware: malicious apps offering such lures may be delivering a new trojan.

According to reports, a new Android trojan has compromised the Facebook accounts of over 10,000 users in at least 144 countries since March 2021, via fraudulent apps distributed through the Google Play Store and third-party app marketplaces. In response, the nine offending applications have been pulled from Google Play, but they continue to be available in several third-party app stores, highlighting the threat that sideloaded applications pose to mobile endpoints and user data.

The malicious apps claimed to offer Netflix and Google AdWords coupon codes and to let users vote for their favourite teams at UEFA EURO 2020, on the condition that they log in with their Facebook accounts to cast their vote or collect the coupon code or credits.

The theft is carried out using a technique known as JavaScript injection: once a user signs in to their account inside a WebView configured with the ability to inject JavaScript code, malicious JavaScript is injected to extract information including the victim's Facebook ID, location, e-mail address, IP address, and the cookies and tokens associated with the Facebook account.

The exfiltrated data is hosted on command-and-control (C2) infrastructure, and security flaws found in the C2 server could be exploited further to expose the entire database of stolen session cookies to anyone on the internet, putting the victims at further risk and leading to data breaches.

These accounts may be used as a botnet for purposes ranging from boosting the popularity of pages/sites/merchandise to spreading misinformation or political propaganda, leading to data breaches and to misconceptions about the safety of an individual's data.
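A defender-side triage heuristic for the pattern described above, as an added example that is not from the original article or the report it summarizes: it scans decompiled app sources for a Facebook login URL loaded in a WebView together with JavaScript injection and cookie reads. The indicator set, the verdict rule and the sample files are assumptions constructed for illustration.

```python
import re

# Heuristic indicators derived from the behaviour described above. The set and
# the "all three together" rule are assumptions of this example, not a vendor
# signature; expect false positives and negatives (obfuscation, reflection).
INDICATORS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
    "js_injection": re.compile(
        r'evaluateJavascript\(|loadUrl\(\s*"javascript:|addJavascriptInterface\('),
    "facebook_login": re.compile(
        r'https?://(?:[\w-]+\.)?facebook\.com/[^"\']*login', re.I),
    "cookie_read": re.compile(r"CookieManager\b.*\bgetCookie\("),
}
# JavaScript being enabled is common in benign apps, so it is reported but
# does not by itself change the verdict.
REQUIRED = ("js_injection", "facebook_login", "cookie_read")


def triage(sources):
    """Map each indicator to the (file, line number) pairs where it appears."""
    hits = {name: [] for name in INDICATORS}
    for path, text in sorted(sources.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in INDICATORS.items():
                if pattern.search(line):
                    hits[name].append((path, lineno))
    verdict = "review" if all(hits[name] for name in REQUIRED) else "ok"
    return {"verdict": verdict, "hits": hits}


# Constructed sample inputs (not taken from any real app).
SAMPLE_SUSPECT = {
    "ui/VoteActivity.java": (
        'web.getSettings().setJavaScriptEnabled(true);\n'
        'web.loadUrl("https://m.facebook.com/login.php");\n'),
    "ui/VoteClient.java": (
        'view.evaluateJavascript(script, callback);\n'
        'String c = CookieManager.getInstance().getCookie(url);\n'),
}
SAMPLE_BENIGN = {
    "ui/HelpActivity.java": (
        'web.getSettings().setJavaScriptEnabled(true);\n'
        'web.loadUrl("https://example.com/help");\n'),
}

if __name__ == "__main__":
    for label, app in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, triage(app))
```

A "review" verdict only means the three behaviours co-occur somewhere in the app and a human should look at it; a legitimate app can also match.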

Abridged from The Hacker News
