Malicious Android apps try to hijack your Facebook account

3 years ago 366

These apps effort to seizure specified Facebook information arsenic your ID, location, IP code and associated cookies, says Zimperium.

malware-skull.jpg

iStock/Jirsak

Savvy cybercriminals often usage societal engineering to effort to instrumentality radical into installing malware oregon revealing delicate information. A malicious run uncovered by mobile information supplier Zimperium recovered malicious Android apps that employed societal engineering tactics to summation entree to the Facebook accounts of their victims. 

SEE: Top Android information tips (free PDF) (TechRepublic)  

Initially disposable done some Google Play and third-party stores, the malicious apps person surfaced successful astatine slightest 140 countries since March 2021, hitting much than 10,000 victims, Zimperium said successful a Monday blog post. After Zimperium informed Google of the apps successful question, the institution removed them from Google Play. However, they're inactive accessible connected third-party stores, which means they're a menace for users who sideload apps from unofficial sources.

The apps enactment by delivering an Android trojan that Zimperium codenamed FlyTrap. The attackers commencement by getting radical to download the apps done the usage of high-quality graphics and close login screens.

After being installed, the apps effort to prosecute users by displaying come-ons designed to arouse your interest. These see a Netflix coupon code, a Google AdWords code, and a promo asking you to ballot for your favourite shot squad for the UEFA Euro 2020 games.

Users who prosecute with 1 of the come-ons are past shown the Facebook login leafage and asked to motion into their relationship to cod the coupon codification oregon formed their vote. Of course, nary existent codification oregon voting takes place. Instead, a connection pops up saying that the coupon expired and is nary longer valid.

With entree to a victim's Facebook account, the trojan past goes into enactment by opening a morganatic URL and utilizing a spot of JavaScript injection. Injecting malicious JavaScript code, the trojan is capable to entree and extract the user's Facebook relationship details, location, IP code and cookies. As an further threat, the Command & Control server operated by the attackers contains information flaws that exposure each of the stolen league cookies to anyone connected the internet.

To assistance Android users support themselves against specified malicious apps, Richard Melick, Zimperium's manager of merchandise selling for endpoint security, offers a fewer tips:

Avoid installing mobile apps from unofficial sources. Though Google removed immoderate of the malicious apps from its Google Play store, galore are inactive disposable done third-party stores and societal media wherever they tin rapidly spread. As such, users should debar sideloading immoderate apps oregon installing them from untrusted sources. Apps accessible this mode apt person not been tally done information scans and could much easy incorporate malicious code.

Be vigilant astir the enactment and requests of mobile apps. Be alert that if you assistance an app's petition to link to 1 of your societal media accounts, the app volition person afloat entree and power to definite cardinal information.

Remove immoderate suspicious apps. If you judge an app whitethorn beryllium putting your information astatine risk, delete it from your instrumentality immediately. If you added the app connected Facebook, travel the company's instructions for removing the app and your associated data.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article