Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Can Tech Pros Get Malware From Facebook Apps? App-solutely.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.

You’ve been around the block. You know the score. You’re nobody’s fool.

Anyway, when it comes to malware and navigating the Internet, you maintain a healthy suspicion of everything, including what your friends send. You have a good nose for sniffing out the difference between a spoofed website and a genuine one. You know better than to click on the wrong link. And, then one day…

Padmini Harchandrai relates the tale of security expert Vanja Svajcer, who received a Facebook friend request. Being careful, Svajcer used his Android device to check the requester out before accepting the request. A link on the requester’s Facebook profile redirected Svajcer’s browser to a webpage that automatically downloaded malware to his Android phone. The malware package was called any_name.apk, and it looked like it was designed to earn money for scammers through premium rate phone services.

Svajcer said the malware was using a class name, com.opera.install, which made it look like it was associated with a legitimate Opera browser app. “An encrypted configuration file inside the package include[d] the dialing codes for all supported countries (for instance, the UK …) and the premium rate number and text of the SMS message which it intend[ed] to send.” The application made a show of letting Svajcer know what it planned to do when he ran it, but in reality it installed itself without his permission.

Knowing there was malware, but wanting to know how it worked, Svajcer visited the same link a few days later on his Android smartphone. This time he was taken to another website, which downloaded a different application, allnew.apk. The new application performed the same function as the original malware, but was coded differently as Andr/Opfake-C.

Harchandrai writes, “This kind of malware is similar to clickjacking, which takes place very often on Facebook. Users are usually shown a link that is malicious and provocative in nature and when they click on it, they are made to go through surveys, which ask them for very personal information before they are told they can see the video.

“Sometimes, the end result is a sale of very expensive premium telephone plans. However, even after they’ve filled out the surveys, the promise of viewing the video is never met. It’s…called clickjacking, because when users click “Like” on the first bait page, their friends see that activity and are in a position to fall victim to the same trap.”

Wow, don’t even get to see the video. Talk about adding insult to injury.
