Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection The Resource Center | article

Facebook Hack Infects Android Phones


There's no doubt the proliferation of smartphones has made day-to-day life easier and more streamlined for many people around the world. Whether it's trying to pay your bills through online banking, or communicating with faraway friends through email and Facebook, the development of smartphone apps has helped bring these daily essentials on-the-go and into less of a chore. Unfortunately, there is no shortage of hackers and digital thieves looking to hijack this technology for their own needs, and one recent case in particular could wreak havoc on Android users that make use of Facebook and mobile banking apps.

According to the cyber security blog We Live Security, a new Facebook webinject - a web testing JavaScript tool embedded into Facebook webpages - is making the rounds online, with the ability to install a malicious new mobile banking app onto Android-powered smartphones. The new webinject presents itself when the phone's user attempts to log into their Facebook account. The following prompt then appears on screen:

"Due to a rising number of attempts in order to gain unlawful access to the personal information of our users and to prevent corrupted page data to spread [sic] Facebook administration introduces [sic] new extra safety protection system. It's free and it keeps you safe [...] With this software you don't need any extra account profile or password [sic] all you need is to install it and everytime [sic] you log in you will input an access code generated by the software on your personal phone."

This message also includes a space for the user to enter in their phone number. After doing so, the webinject will then send a URL link via text message to the phone. Clicking this link will download the iBanking malware onto the Android phone, installing a mobile bot that can access - among other features - incoming voice calls, SMS messages and online banking information.

It goes without saying that having this kind of malware on your phone can have disastrous financial consequences and drastically increase your risk of identity theft. iBanking effectively gives hackers and ID thieves access to your banking records, which in turn allows them to not only plunder your bank accounts but also open new lines of credit in your name, running up fraudulent transactions that leave you with significant amounts of debt, not to mention a tarnished credit history.

In cases like these, common sense can be the best defense. As you may have noticed, the text in the webinject's prompt is rife with grammatical errors and dropped words, indicating not only was the author not a native English speaker, but also clearly wasn't proofed and sent by a legitimate company like Facebook.

Nevertheless, the fact that hackers can co-opt popular apps like Facebook and mobile banking operations initially designed for banks is a disturbing one, and serves to highlight that ID theft will only become more prevalent as the opportunities for malware continue to grow.

You can stay ahead of theft of identity by enlisting the help of an identity theft protection service. While there is no program that can prevent offer 100 percent ID theft prevention, a credit monitoring service can alert you whenever certain activity appears on credit that may indicate fraud. The sooner you can identity any suspicious transactions and potential theft, the faster you can stop thieves in their tracks and protect your credit from harm.