Meta/Facebook has put out a security warning to around one million users that their login credentials may have been stolen by scam apps. That’s a bad look for Facebook. But it’s a worse look for Google and Apple, where these apps have been hosted. Here are the details:
Meta is warning 1 million Facebook users that their account information may have been compromised by third-party apps from Apple or Google’s stores. In a new report, the company’s security researchers say that in the last year they’ve identified more than 400 scammy apps designed to hijack users’ Facebook account credentials.
According to the company, the apps are disguised as “fun or useful” services, like photo editors, camera apps, VPN services, horoscope apps, and fitness tracking tools. The apps often require users to “Log In with Facebook” before they can access the promised features. But these login features are merely a means of stealing Facebook users’ account info. And Meta’s Director of Threat Disruption, David Agranovich, noted that many of the apps Meta identified were barely functional.
“Many of the apps provided little to no functionality before you logged in, and most provided no functionality even after a person agreed to login,” Agranovich said during a briefing with reporters.
And if you’re wondering how Facebook is addressing this, here’s how:
Agranovich said that Meta shared its findings with both Apple and Google, but that it was ultimately up to the stores to ensure the apps are removed. In the meantime, Facebook is pushing warnings to 1 million people who may have used the apps. The notifications inform users their account info may have been compromised by an app — it doesn’t name which one — and recommends resetting their passwords.
Thus, if you get a warning like this, don’t ignore it. But Apple and Google, who let these apps onto their respective app stores, need to get their act together to stop this sort of thing from happening. Apple specifically, as the company has always argued that the App Store is a safe place. But this incident proves otherwise. And I am sure some people on Capitol Hill will want to get answers about that sooner rather than later.





RatMilad Android Malware Targets Middle East Users In New Campaign
Posted in Commentary with tags malware on October 7, 2022 by itnerd

Zimperium released a blog post on Wednesday that details a novel Android malware called RatMilad, which is targeting Middle Eastern enterprise mobile devices by concealing itself as a VPN and phone number spoofing app:
The original variant of RatMilad hid behind a VPN, and phone number spoofing app called Text Me with the premise of enabling a user to verify a social media account through a phone, a common technique used by social media users in countries where access might be restricted, or that might want a second, verified account. Armed with the information about the spyware, the zLabs team has recently discovered a live sample of the RatMilad malware family hiding behind and distributed through NumRent, a renamed and graphically updated version of Text Me.
The phone spoofing app is distributed through links on social media and communication tools, encouraging them to sideload the fake toolset and enable significant permissions on the device. But in reality, after the user enables the app to access multiple services, the novel RatMilad spyware is installed by sideloading, enabling the malicious actor behind this instance to collect and control aspects of the mobile endpoint. As seen in the demo installation video below, the user is asked to allow almost complete access to the device, with requests to view contacts, phone call logs, device location, media and files, as well as send and view SMS messages and phone calls.
Clearly the threat actor or actors behind this are sophisticated, which makes them very dangerous.
Dale Waterman, who is based in Dubai and is the Managing Director at Breakwater Solutions for the Middle East, noted:
“The fact that this version of the RatMilad malware is targeting mobile phone users in the Middle East with Android operating systems by hiding behind a fake VPN comes as no surprise. Cybercriminals are using trusted platforms like Telegram and WhatsApp to distribute download links to the spyware because they recognize that many governments in the region do not permit the call functionality of apps like WhatsApp. Residents are able to use messaging, but not the (free) call services. If you consider the number of expats living and working across the Middle East, with many away from immediate family and loved ones, then it becomes obvious why bad actors would use a VPN scam to socially engineer access to devices. This is compounded by the fact that GDPR-like privacy laws are only now being implemented across the Middle East, but not actively enforced yet by most data protection authorities. Consumers in the region are therefore completely de-sensitized to being constantly bombarded with unsolicited marketing and offers. This reduces the likelihood of consumers questioning the origin of the messages.”
This just highlights that you have to have your head on the metaphorical swivel when it comes to threats, as this one is distributed via platforms that are trusted by many.