Tens of Thousands of Malicious Apps Using Facebook APIs
(May 1, 2018)
Approximately 25,936 malicious applications were found to be using one of Facebook’s APIs to gather information, according to Trustlook researchers. This information includes a variety of data that can be gathered from a Facebook profile such as email address, full name, and location. Some of these applications were found to be capable of taking pictures and capturing audio even when the application is closed.
Recommendation: All applications, particularly free applications, should be regarded with the utmost scrutiny before they are downloaded because as this story depicts, free software can sometimes come with security risks. Additionally, keeping track of the applications used by your company is important because unknown applications discovered on machines may indicate an infection. The same method should also be applied to web browser add-ons.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.