Target: Android devices/Facebook users
Attack Vector: Malicious app which steals credentials before using them to harvest more info
Summary: Throughout 2017 and into this year, malicious applications on Android devices have been a continuous, notable threat which we have reported on multiple times. Now, in March 2018, a new malicious application, “FakeApp”, has been detected.
This application is notable for its aggressive methods: it logs into its victims’ Facebook accounts and harvests account details from devices. It also uses the search functionality on Facebook to amass further data. Its ability to crawl Facebook, scrolling and taking content, has not previously been observed in Android malware.
Risk assessment summary: The threat is assessed as 3e MODERATE. While the threat is currently limited mainly to the Asia-Pacific region, the capability it shows is significant and in some cases never seen before. This could indicate a new trend which we may see more of in the future. The harvesting of such a wide range of personal data is also significant, as it could be used to help facilitate a future attack or open up attack vectors on friends of the victim, whose information would also be harvested during this attack. Furthermore, the information could be sold on the Dark Web, where there is no guarantee of a buyer’s intentions.