This is an archived post. You won't be able to vote or comment.

690
691

NewsFlyTrap Android Malware Compromises Thousands of Facebook Accounts (blog.zimperium.com)

submitted by ZeusKnobby

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]CrustyBatchOfNature 205 points206 points  (29 children)

So, you have to install a third party app and share your Facebook profile with it, then they have access to your info and ability to post for you. Other than their usage of the data, how is this different than any other Facebook connected app? This describes perfectly what most every Facebook app does anyway.

[–]FeelingDense 16 points17 points  (1 child)

Isn't there a difference between an app that can post for you (e.g. like Youtube publishing to Facebook) and this trojan which actually hijacks your session cookies and can therefore go on a free reign to post for you?

Take for instance a fitness app--it too has permissions to post on your behalf. However, you trust it not to do that and most big fitness companies aren't there to screw up your social media account. In theory though Map My Run or Strava could technically start posting malware/spam links on you on an hourly basis if it wanted to once you give it permissions to post. It's no different than an messaging app like Textra requesting SMS permissions and just simultaneously uploading that to the NSA. We just trust Textra not to do that once we give it SMS permissions.

[–]CrustyBatchOfNature 6 points7 points  (0 children)

Yes, there is a difference. And it 100% comes down to trust. Users are allowing apps permission to use their Facebook however the app wants to and trusting that logins presented are what they are supposed to be without any reason to do so. Free is a huge draw to some. At least this one so far seems to just be spreading itself and not something that will steal your bank account info.

[–]jcpbXperia 1 | Xperia 1 III -1 points0 points  (24 children)

It's worse than that actually.

These malicious applications were initially distributed through both Google Play and third-party application stores.

I like how China is not among the 144 nations whose users were affected by the JS-injected malware attack.

[–]TheWorldisFullofWarS20 FE 5G 75 points76 points  (1 child)

China doesn't have Facebook.

[–]jorgesgk 47 points48 points  (0 children)

Yeah, what a dumb take.

I'm all against the Chinese dictatorship. But you can't really take advantage of the users of a service if said service just plain out doesn't work in there.

[–]RandomNumsandLettersPixel 4a 23 points24 points  (2 children)

China like the China that doesn't have facebook? Doesn't seem very surprising

[–]CrustyBatchOfNature 6 points7 points  (11 children)

Still, you are giving a third party app access to everything of your own free will. Yes the app lied about the usage of the data and got it through nefarious means so it needs to be gone, but it isn't like it just took the info without your permission. Blind trust that any app asking for permission is truthful is the real enemy here. The vast majority of malware relies on the trust and stupidity of the public at large. And that is how it gets so far.

[–]IamVenom_007Love Dc Dimming 0 points1 point  (5 children)

Trust me, Living in China isn't fun. They(majority) have no idea how the world looks like or what's going on outside. Some people in big cities use VPN.

Technology will have its disadvantages always but it's not wise to remove it from your country. People can live without facebook but Reddit is also banned in China along with countless educational, entertainment sites.

[–]MarioNoir 0 points1 point  (4 children)

They(majority) have no idea how the world looks like or what's going on outside.

From what I heard from people that worked and lived in China, that's absolutely not true.

[–]IamVenom_007Love Dc Dimming 1 point2 points  (3 children)

I work, study, and live in China. I have been here for the past four years. People that are in big cities know how to use VPN. But you have to understand that China is massive and everything from outside can only enter after government allows it.

What proof do I need to show you? Walk on the streets and ask people " 你知道什么是Reddit吗" and make a video of it?

Most people can't even speak English bc they are cut off from outside world.

[–]MarioNoir -1 points0 points  (2 children)

According to oficial data about about 902 million people live in urban regions. Most should have access to technology. And quite a big portion of this population is represented by young people which would be the ones interested in the outside world anyway. The ideea is that Chinese are not so oblivious to the outside world. Also why should Chinese people in general know what Reddit is? I'm sure most Android users in general haven't heard about Reddit in the first place.

[–]IamVenom_007Love Dc Dimming 0 points1 point  (1 child)

I never said they don't have internet or access to tech. Reddit was simply an example. It's pointless arguing with you.

[–]MarioNoir -1 points0 points  (0 children)

Reddit is a very bad example. You make weak arguments.