They steal your Facebook

Evina blocks fraudulent traffic, but we don’t stop there.

New ways of perpetrating fraud are regularly brought to the attention of our cybersecurity experts and we recently discovered a new malware that steals Facebook logins. This malware could devastate your online and offline life by making off with the credentials of one of your most valued pieces of digital real estate. The malware was embedded in a large number of popular apps:

Example of infected apps
And it is no surprise that there were numerous unfortunate victims.
Comments on the infected applications

We had Google shut down those applications. Evina managed to successfully reverse-engineer the malware, which enabled us to protect end users against it. This is critical for our customers:

Brigitte De Ducla, Orange France

“We have successful results with Evina; in addition to providing us with premium protection on our carrier billing, they also help us create a safer customer journey, therefore preserving the global experience of our clients”.

Here’s how they steal your Facebook

In the foreground is the malware browser, in the background the real application

When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground, which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes JavaScript to retrieve them. The malware then sends your account information to a server.

Check if the Facebook app is running in the foreground
Run the activity that contains the WebView
The WebView loads the login page
It executes JavaScript to get the credentials
And sends the data to airshop.pw
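
The five steps above can be turned into a static triage check over decompiled app source. The Python script below is an added example, not Evina's tooling and not code from the malware: the Android API names in the patterns and both sample apps are assumptions constructed for illustration, and only the airshop.pw domain comes from this article.

```python
import re

# Each step of the write-up mapped to strings a decompiled app would contain.
# The Android API names are assumptions; the article does not name them.
INDICATORS = {
    "foreground_check": re.compile(
        r"queryUsageStats|getRunningAppProcesses|getRunningTasks"),
    "facebook_target": re.compile(r"com\.facebook\.(?:katana|lite)"),
    "facebook_webview": re.compile(
        r'loadUrl\(\s*"https?://(?:m|www)\.facebook\.com'),
    "js_read": re.compile(
        r'evaluateJavascript\(|addJavascriptInterface\(|loadUrl\(\s*"javascript:'),
    "known_server": re.compile(r"airshop\.pw", re.IGNORECASE),  # from the article
}
# All four behaviours must co-occur; a WebView that opens Facebook is not enough.
CHAIN = ("foreground_check", "facebook_target", "facebook_webview", "js_read")


def triage(sources):
    """sources: {path: decompiled text}. Returns (verdict, {indicator: [paths]})."""
    hits = {}
    for path, text in sorted(sources.items()):
        for name, pattern in INDICATORS.items():
            if pattern.search(text):
                hits.setdefault(name, []).append(path)
    if "known_server" in hits:
        verdict = "known-ioc"
    elif all(name in hits for name in CHAIN):
        verdict = "overlay-phishing-suspect"
    else:
        verdict = "no-match"
    return verdict, hits


# Constructed samples (not real apps): API call sites only, no payload.
SUSPECT = {
    "a/Watcher.java": 'stats = usm.queryUsageStats(4, t0, t1);\n'
                      'if (top.equals("com.facebook.katana")) startActivity(i);',
    "a/Login.java": 'web.getSettings().setJavaScriptEnabled(true);\n'
                    'web.loadUrl("https://m.facebook.com/login");\n'
                    'web.evaluateJavascript(script, callback);',
    "a/Net.java": 'String host = "airshop.pw";',
}
BENIGN = {
    "b/Share.java": 'web.getSettings().setJavaScriptEnabled(true);\n'
                    'web.loadUrl("https://www.facebook.com/sharer.php?u=" + url);',
}

if __name__ == "__main__":
    for label, app in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, *triage(app))
```

String matching of this kind misses samples that obfuscate or encrypt their strings, so a no-match result is inconclusive rather than a clean bill of health.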

Lionel Ferri, Evina CTO: “It’s a fraudulent technique that points out the danger and reflects how important it is to protect yourself. It cannot be identified by Facebook as the malware displays in front of the legit app when it is launched”.

Why are you always targeted? Because everyone is targeted.

Internet-based fraud has become so pervasive that sometimes it seems as if everyone you meet has, at some point or another, been a victim of digital fraud. Often when one is targeted by online fraudsters, the first reaction is ‘why me?’.

Rest assured that we are all in the same boat and while it is normal for the victim to think they have been specifically targeted, we are all targets. Furthermore, we must highlight that victims should never be blamed for the criminal actions of others.

Fraudsters are everywhere and they are not confined to the DCB sector. They lurk in every nook and cranny of the web and it is the job of experts like Evina to flush them out. Our clients are very helpful in this regard. They regularly provide us with valuable information that helps us lift the lid on what you could call the “digital fraud of the day”.

In conclusion, keep in mind that the victims are not the culprits: the app developer, the app store and all other legitimate players involved are simply innocent victims of fraudsters and their malware.
