Security News

A set of nine malicious Android apps that steal Facebook credentials was found on Google Play; the apps racked up a collective 5.9 million installations before Google removed them. The malicious apps were detected as trojans called Android.

Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts," researchers from Dr. Web said.

Facebook on Tuesday revealed it filed two separate legal actions against perpetrators who abused its ad platform to run deceptive advertisements in violation of the company's Terms and Advertising Policies. "In the second case, the defendants are a group of individuals located in Vietnam who got users to self-compromise their Facebook accounts and ran millions of dollars of unauthorized ads."

Facebook has filed lawsuits against two groups of suspects who took over advertising agency employees' accounts and abused its ad platform to run unauthorized or deceptive ads. The social network says that four Vietnamese nationals took over the Facebook accounts of multiple employees working at marketing and advertising agencies using a technique known as session theft.

Facebook this week announced filing two lawsuits - one against an organization and its agents and one against four individuals in Vietnam - over advertising-related schemes. According to Facebook, four individuals residing in Vietnam employed session/cookie theft techniques to compromise the accounts of employees at advertising and marketing agencies, leveraging them to run unauthorized ads.

Facebook is subject to EU privacy challenges from watchdogs in any of the bloc's member states, not just its lead regulator in Ireland, the bloc's top court ruled Tuesday, in a ruling that has implications for other big tech companies. Under the EU's stringent privacy rules, known as the General Data Protection Regulation, only one country's national data protection authority has the power to handle legal cases involving cross-border data complaints in a system known as "one-stop shop." For Facebook, which has its European headquarters in Dublin, it is Ireland's Data Protection Commission.

In an open letter this month, the Chaos Computer Club - along with Google, Facebook, and others - said they are against proposals to dramatically expand the use of so-called state trojans, aka government-made spyware, in Germany. Once you have root access on a person's computer or handheld, the device can be an open book, encryption or not.

Facebook said Wednesday that it has disrupted more than 150 deceptive influence schemes since 2017, with Russia the biggest single source, as culprits strive to stay "under the radar." The number of coordinated inauthentic behavior campaigns derailed at the leading social network ramped up each year since a Russia-linked operation to sway the outcome of the 2016 US presidential election put Facebook on the defensive.

Argentina has ordered Facebook to suspend its data use policy allowing it to collect information from users of its WhatsApp messaging app, the government announced on Monday. In the meantime, the national agency that protects personal data and access to public information will lead an investigation into Facebook's plans.

Ireland's High Court on Friday rejected Facebook's bid to block an investigation that could potentially stop data transfers from the European Union to the United States. The Irish regulator launched its inquiry last summer after a top EU court decision over Facebook invalidated a key online data arrangement between Europe and the US. "The DPC decided to commence an 'own volition' inquiry ... to consider whether the actions of Facebook Ireland Ltd in making transfers of personal data relating to individuals in the European Union/European Economic Area are lawful, and whether any corrective power should be exercised by the DPC in that regard," the court statement noted.