Malware Steals Facebook Credentials

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-064-002
Countries: IN, CN
Report Date: 20180305

A new Android malware, named “FakeApp”, has been discovered that steals Facebook credentials, account details, usernames and passwords, and other information directly from victim devices.  The malware mainly targets English-speaking users in Asia-Pacific countries and is distributed through third-party app stores.

Impact

The malware uses sophisticated techniques to compromise the victim’s device and steal the credentials.  FakeApp follows this methodology: once it infects the victim’s device it hides its icon from the home screen and silently runs in the background.  It checks the infected device for Facebook accounts by submitting the device’s IMEI number to the attacker’s command-and-control (C&C) server.  It also checks whether the Facebook app is installed.[1]  If it does not find the app, the malware launches a fake Facebook login interface to steal the victim’s real username and password.

The malware keeps showing this interface periodically until it successfully collects the Facebook credentials, using JavaScript running in a hidden WebView.  It then logs into the account with the stolen credentials.  Once logged in, it can harvest important data including:

  • General top-level data: Facebook account, user, password, device IMEI
  • Profile: Work, education, location, contacts, basic info, nicknames, relationships, family, bio
  • Activities: Check in, events, friends, groups, likes, pages, posts[2]

It also checks whether a CAPTCHA[3] is present.  If one is, the malware reports the event to the C&C server, clears caches and cookies, and retries later.
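As an added detection example (not part of this report), the C&C check-in described above, in which the infected device submits its IMEI number to the attacker’s server, can be hunted for in outbound web-proxy logs: flag any Luhn-valid 15-digit number sent to a host outside the expected Facebook domains.  The log format, host names and IMEI value below are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed proxy log lines (not from the report), one request per line:
# <timestamp> <src_ip> <method> <host> <path> body=<request body>
SAMPLE_LOG = """\
2018-03-05T10:01:02Z 10.0.0.21 POST graph.facebook.com /login body=email=x&pass=y
2018-03-05T10:01:09Z 10.0.0.21 POST update.example-c2.net /api/check body=imei=490154203237518&fb=1
2018-03-05T10:02:15Z 10.0.0.22 GET cdn.example.com /img/logo.png body=
2018-03-05T10:03:40Z 10.0.0.23 POST stats.example.org /v1 body=id=123456789012345
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<host>\S+)\s+(?P<path>\S+)\s+body=(?P<body>.*)$"
)
# A standalone run of exactly 15 digits is an IMEI candidate.
IMEI_CANDIDATE = re.compile(r"(?<!\d)\d{15}(?!\d)")
# Hosts the Facebook app itself may legitimately contact (constructed allowlist).
ALLOWED_SUFFIXES = ("facebook.com", ".facebook.com")


def luhn_valid(digits: str) -> bool:
    """IMEI check digits are computed with the Luhn algorithm; reject random 15-digit ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, excluding the check digit
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Alert:
    ts: str
    src: str
    host: str
    imei: str


def find_imei_exfil(log_text: str) -> list[Alert]:
    """Return one Alert per Luhn-valid IMEI sent to a host outside the allowlist."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected log shape
        host = m["host"].lower()
        if host.endswith(ALLOWED_SUFFIXES):
            continue
        for cand in IMEI_CANDIDATE.findall(m["path"] + " " + m["body"]):
            if luhn_valid(cand):
                alerts.append(Alert(m["ts"], m["src"], host, cand))
    return alerts
```

Only the second line is flagged: the first goes to an allowlisted Facebook host, and the 15-digit id on the last line fails the Luhn check.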

Mitigation and Prevention Strategies

Our members should follow these steps to keep themselves safe from such threats:

  • Always keep your software up to date.
  • Refrain from downloading apps from unfamiliar sites and third-party app stores; only install apps from trusted sources.
  • Pay close attention to the permissions requested by apps.
  • Make frequent backups of important data.

For questions or comments regarding this report, please contact the lab directly at 603-606-1246, or feedback@wapacklabs.com

[1] https://i1.wp.com/gbhackers.com/wp-content/uploads/2018/03/Spoofed-Facebook-login.png?w=342&ssl=1

[2] https://www.symantec.com/blogs/threat-intelligence/android-malware-harvests-facebook-details

[3] a program or system intended to distinguish human from machine input, typically as a way of thwarting spam and automated extraction of data from websites.