Tag: META | Page 3

Malware Apps May Have Stolen The Passwords Of 1 Million Facebook Users, Meta Says

October 7, 2022/in Computer Security

Meta says that over a year it detected 400 Facebook password-pilfering apps across Google’s Android and Apple’s iOS. Most appear to have been taken down, but the threat remains, Meta says. (Photo by Jakub Porzycki/NurPhoto via Getty Images)

NurPhoto via Getty Images

As many as 1 million Facebook users were targeted with Android and iPhone malware apps that tried to steal their passwords, according to a report released by Meta on Thursday.

The malware, detected across the last year, masqueraded as various kinds of app, including fake photo editors, virtual private networks that claimed to boost browsing speeds and get access to blocked websites, mobile games, and health and lifestyle trackers. Some promised to turn the user’s face into a cartoon, while others provided horoscopes. Some of the apps made it through Apple and Google security and onto the tech giants’ official app stores, though Meta didn’t specify which ones.

The modus operandi of the malware was simple phishing, said David Agranovich, Meta’s director of threat disruption, during a press briefing on Meta’s report. Most of the apps asked for a Facebook login to use the app, which is typical of many apps. But in the background, the usernames and passwords, along with any two-factor authentication codes, were being sent to the app developers, who were looking for illegal access to Facebook accounts and nothing more, Agranovich said. “Our sense here is that this wasn’t kind of a specific geographically targeted thing. This was more an attempt to just get access to as many login credentials as possible,” Agranovich added.

Agranovich suggested that users should be wary of apps that require you to log in to Facebook to gain any functionality. “If a flashlight application is requiring you to login with Facebook before it gives you any flashlight functionality, there’s probably something to be suspicious of,” he said. He said reviews that repeatedly called out an app as a scam also provided a clue as to the legitimacy of the app.

He said that Meta would be warning 1 million users if they had been exposed to the apps in some way, though the company couldn’t definitively say whether or not all those users…

Source…

Meta Launches New Chromium-Based WebView for Android

October 5, 2022/in Mobile Security

Meta has been developing its own Chromium-based WebView for Android for a few years and has now started rolling it out to users of its Facebook app. The new WebView, which has not been open-sourced yet, improves security, stability, and performance, says Meta.

While Android allows users to upgrade the system browser separately from the OS itself, many users update their Facebook app but not Chrome or the WebView app, says Meta.

This WebView can update in sync with Facebook app updates, and function as a drop-in replacement for the System WebView inside the Facebook app without compromising or changing the user experience in any way.

Keeping the WebView up-to-date will thus prevent potential stability and security issues caused by outdated versions. Meta says they will rebase their WebView code on the latest Chromium codebase at regular intervals, thus benefiting of any security patches to the latest Chromium. Additionally, since the Facebook app is now independent from the default OS WebView, when users decide to upgrade the latter, the OS will not need to kill the Facebook app to force it to reload its WebViews.

Most significantly, Meta says its new WebView improves performance by running its compositor, i.e., the component that decides how to display a page, on a GPU thread.

The System WebView compositor needs to account for the various ways Android allows apps to display it. Because of this, it needs to run synchronously with the Android widget layout, which means that it is unable to run in a separate GPU process.

While the new Android WebView has not been open-sourced yet, Meta says they will submit any major changes to upstream Chromium.

Meta’s announcement has raised some privacy-related concerns on Twitter and Reddit. While Meta is not the first vendor to use its own Web-engine for Android, just last month iOS developer and Fastlane creator Felix Krause warned of Meta injecting JavaScript code in the WebViews used by its Instagram and Facebook apps even when visiting external web pages. This is similar to what popular apps like TikTok, Amazon, and others all do, Krause found out. While realizing that injecting JavaScript is not a sign of any…

Source…

Tech Bytes: Meta is fined, Tiktok denies hacking, new Apple Watch Pro

September 6, 2022/in Internet Security

Meta’s big fine. Facebook’s parent company has been hit with a 400-million dollar penalty, for breaking European Union data privacy rules, because of its treatment of children’s data on Instagram. Meta says it plans to appeal the fine, setting up what could be a lengthy legal battle.

Tiktok is denying reports that it’s been hacked. A hacking group claims it breached the platform and accessed more than two billion records, including user data. But Tiktok says it found no evidence of a security breach.

Images of what may be the new Apple Watch Pro are making their way around the internet, and they appear to show the reports about a new button on the device are true. However it’s purpose isn’t known. The pictures also appear to show both a larger display and casing.

Source…

Meta cracks down on cyberespionage, warns of ‘perception hacking’

August 6, 2022/in Internet Security

Meta said it is focused on continuing to disrupt emerging cybersecurity threats, including “perception hacking” efforts that could attempt to create unjustified fears about the security of U.S. elections.

In its new “Quarterly Adversarial Threat Report” released Thursday, Meta details how it took action on two cyberespionage operations and removed three networks that were engaging in coordinated inauthentic behavior (CIB) — campaigns that seek to manipulate public debate.

Since 2017, the company says it has been able to disrupt the activities of coordinated networks aimed at manipulating users with fake accounts using coordinated inauthentic behavior. The efforts have been successful at driving these networks off of Facebook and have made it harder for other entities to maintain access on the social media platform, Meta says.

Meta says in the report that cyberespionage actors tend to target individuals across the internet in an effort “to collect intelligence manipulate them into revealing information and compromise their devices and accounts.”

Meta’s Facebook took action on two separate cyberespionage operations from South Asia this past quarter, both of which used malware to infect users’ devices. One of the operations was from the hacker group known as Bitter APT, the report says.

The hacker group targeted users with malware in New Zealand, India, Pakistan and the United Kingdom, Meta’s report says.

The report also revealed the company had removed networks promoting misinformation and harassment in India, Indonesia, Greece and South Africa.

Additionally, Facebook removed three networks engaged in coordinated inauthentic behavior, including one network linked to an Israeli public relations firm and two troll farms from Malaysia and Russia.

The Russian operation, the self-proclaimed CyberFront Z, focused on targeting global discourse on the war in Ukraine, the report says.

The pro-Russia operation attempted to mirror the anti-war communities defending Ukraine through the use of fake accounts run by paid posters, the report says. Despite the effort, pro-Ukraine and anti-war comments typically outnumbered the pro-Russia group’s comments.

Ahead of the U.S. midterm elections, a spokesperson…

Source…

Tag Archive for: META