THEY STEAL YOUR FACEBOOK

Posted by Evina on

Evina blocks fraudulent traffic but we don’t stop there. New ways of perpetrating fraud are regularly brought to the attention of our cybersecurity experts and we recently discovered new malware that steals Facebook logins. This malware could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate. The malware was embedded in a large number of popular apps:

Example of infected apps

And it is no surprise that there were numerous unfortunate victims.

Comments on infected applications

We had Google shut down those applications. Evina managed to successfully reverse-engineer the malware, which enabled us to protect end-users against it. This is critical for our customers:

Brigitte De Ducla, Orange France

"We have successful results with Evina; in addition to providing us with premium protection on our carrier billing, they also help us create a safer customer journey, therefore preserving the global experience of our clients".

Here’s how they steal your Facebook

In the foreground, the malware browser; in the background, the real application

When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground, which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes JavaScript to retrieve them. The malware then sends your account information to a server.

1. It checks whether the Facebook app is running in the foreground
2. It runs the activity that contains the webview
3. The webview loads the login page
4. It executes JavaScript to get the credentials
5. It sends the data to airshop.pw
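
A static-triage sketch for the flow described above, added here as an example and not Evina's detection code: it flags an app whose dumped method references and strings cover all three on-device stages, and separately matches the server name given on the page. The API names, the Facebook package names and the sample dumps are assumptions, since the page does not say which calls the malware used.

```python
import re

# Indicators for each stage of the flow described above, matched against method
# references and string constants dumped from an APK. The page does not name
# the APIs the sample used; these common Android APIs are assumptions.
STAGES = {
    "foreground_check": re.compile(
        r"->(getRunningTasks|getRunningAppProcesses|queryUsageStats)\b"),
    "facebook_target": re.compile(
        r"\bcom\.facebook\.(katana|lite)\b|(^|[/.])facebook\.com\b", re.I),
    "webview_script": re.compile(
        r"WebView;->(evaluateJavascript|addJavascriptInterface)\b|^javascript:",
        re.I),
}
# Server named on the page: match the host or a subdomain, never a lookalike.
IOC_HOST = re.compile(r"(^|[/.@])airshop\.pw(?=$|[/:?#])", re.I)


def triage(entries):
    """Return (verdict, matched stage names) for one app's dumped entries."""
    hits = sorted(name for name, rx in STAGES.items()
                  if any(rx.search(e) for e in entries))
    if any(IOC_HOST.search(e) for e in entries):
        return "known-bad", hits
    # Any one stage appears in benign apps; the signal is all three together.
    if len(hits) == len(STAGES):
        return "suspicious", hits
    return "clean", hits


# Constructed sample dumps, not taken from any real app.
FOREGROUND = "Landroid/app/ActivityManager;->getRunningTasks(I)Ljava/util/List;"
EVAL_JS = ("Landroid/webkit/WebView;->evaluateJavascript"
           "(Ljava/lang/String;Landroid/webkit/ValueCallback;)V")
SAMPLES = {
    "com.example.wallpapers": [FOREGROUND, "com.facebook.katana",
                               "https://m.facebook.com/", EVAL_JS, "airshop.pw"],
    "com.example.flashlight": [FOREGROUND, "com.facebook.katana", EVAL_JS],
    "com.example.news": ["https://m.facebook.com/", EVAL_JS],
    "com.example.shop": [FOREGROUND, "airshop.pw.example.com"],
}

if __name__ == "__main__":
    for package, entries in SAMPLES.items():
        verdict, stages = triage(entries)
        print(f"{package:24} {verdict:10} {', '.join(stages) or '-'}")
```

A "suspicious" verdict is a prompt for manual review of the app, not proof of infection.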

Lionel Ferri, Evina CTO: “It’s a fraudulent technique that points out the danger and reflects how important it is to protect yourself. It can not be identified by Facebook as the malware displays in front of the legit app when it is launched”.

Why are you always targeted? Because everyone is targeted.

Internet-based fraud has become so pervasive that sometimes it seems as if everyone you meet has, at some time or another, been a victim of digital fraud. Often when one is targeted by online fraudsters, the first reaction is ‘why me?’.

Rest assured that we are all in the same boat and while it is normal for the victim to think they have been specifically targeted, we are actually all targets. Furthermore, we must highlight that victims should never be blamed for the criminal actions of others.

Fraudsters are everywhere and they are not confined to the DCB sector. They lurk in every nook and cranny of the web and it is the job of experts like Evina to flush them out. Our clients are very helpful in this regard. They regularly provide us with valuable information that helps us lift the lid on what you could call the digital fraud of the day.

In conclusion, remember once again that victims are not culprits: the app developer, the app store and all other legitimate players involved are simply innocent victims of fraudsters and their malware.
