25,936 Malicious Apps Use Facebook APIs

Trustlook has identified 25,936 malicious apps that are currently using one of Facebook’s APIs, such as a login API or messaging API. (The list of MD5s can be found here.) App developers, when using these APIs, are able to obtain a range of information from a Facebook profile—things such as a name, location, and email address.

The Cambridge Analytica data-harvesting scandal was mainly a result of developers abusing the permissions associated with the Facebook Login feature. When people use Facebook Login, they grant the app’s developer a range of information from their Facebook profile. Back in 2015, Facebook also allowed developers to collect some information from the friend networks of people who used Facebook Login. That means that while a single user may have agreed to hand over their data, developers could also access some data about their friends. Needless to say, this realization among Facebook users has caused a huge backlash.

Trustlook discovered the malicious apps within its SECUREai App Insights product, which continuously scans apps from across the world, and provides more than 80 pieces of information for each app, including permissions, libraries, risky API calls, network activity, and a risk score. This allows app store owners, app developers, and researchers to make informed decisions when assessing the risk of an app. SECUREai App Insights is currently securing three of the top five app stores in the world.

To be fair, Facebook is not the only company with its APIs embedded in malicious applications. Twitter, LinkedIn, Google, and Yahoo offer similar options to developers, and thus their user data faces similar exposure. All of these companies need to remain diligent about what user information is being granted to apps.

For more information on SECUREai App Insights, please visit www.trustlook.com.

 

Android-Malware

9 thoughts on “25,936 Malicious Apps Use Facebook APIs

  1. Pingback: Tens of Thousands of Malicious Apps Using Facebook APIs | Threatpost | The first stop for security news

  2. Pingback: Tens of Thousands of Malicious Apps Using Facebook APIs | Infosec News Ireland

  3. Pingback: Tens of Thousands of Malicious Apps Using Facebook APIs | Threatpost | Information Security, latest Hacking News, Cyber Security, Network Security

  4. Pingback: Tens of Thousands of Malicious Apps Using Facebook APIs | Threatpost | Digitpol

  5. Pingback: Tens of Thousands of Malicious Apps Using Facebook APIs - Account Security Lockdown

  6. Pingback: 25,936 Malicious Apps Use Facebook APIs to get a Personal Information | Information Security, latest Hacking News, Cyber Security, Network Security

  7. Pingback: Tens of Thousands of Malicious Apps Using Facebook APIs - News Archive

  8. Pingback: Tens of Thousands of Malicious Apps Use Facebook's APIs - R- Pakistan Daily Roznama

  9. Pingback: Tens of Thousands of Malicious Apps Use Facebook's APIs » @FinTechLog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s