Browse archive

Latest news

Experts highlight top data breach vulnerabilities

NYPD detective accused of hiring email hackers

Guantanamo cuts off Wi-Fi access due to OpGTMO

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

A closer look at Mega cloud storage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Bogus Facebook apps could lead to Android malware

Posted on 21.05.2012

Bitdefender researchers have recently spotted something that could be the beginning of paid promotions through Facebook, and believe that the approach can very easily be used for peddling malicious mobile apps.

The realization came with the discovery of duplicates of legitimate Facebook "dating" apps.

The duplicates use the same names as the original ones (Lista de Verificación del Amante Ideal and Lista de Verificare pentru Iubit(a)), but perform differently.

While the legitimate ones scan the user's Facebook contacts and list potential partners, the clones are able to detect whether the user uses a mobile device, and if he does, they redirect him to a random Google Play game.

So far, none of the games/apps (or pages, for that matter) to which the users get redirected are malicious, but it can and probably will happen.

"Cross site scripting is nothing new; however, this is one of the few times when a direct correlation between Facebook and promoting Android apps via redirecting mobile traffic has been reported," says Bitdefender.

"Visiting the link from your desktop PC is safe, but if you’re accessing the same app from your Android handset, things become risky."