Just when it seemed that the strides made in technology as well as data security had made sure that no potent malware would be able to attack Facebook users, Fakeapp emerged. The latest malware which is for now targeting Android users specifically can collect Facebook user credentials by utilizing Phishing. It doesn’t end there, the malware can continue being logged in the accounts in order to harvest and gather account details. Unlike previous malware that targeted Facebook users for this purpose, Faceapp can even use Facebook’s search functionality.
This new form of malware was discovered by a group of Symantec researchers conducting their studies of Facebook users and their interactions with other third-party sites through Facebook. They are also the ones that have coined this term for the malware. The app does not appear on the home screen, rather it seems to hide and run anonymously in the background. Users won’t be aware of its presence until they thoroughly analyze their background processes. They further added that the app is currently targeting the English-speaking demographic on the third-party app stores. However, there is a small peculiarity. Despite its target being the English-speaking audience, its region of operations appears to be limited to the Asia-Pacific belt. The only logical conclusion can be that the app stores being targeted have a domestic Asian audience.
Fakeapp uses a WebView which is a lesser version of the mobile browser app. It presents the user with a fake Facebook login in order to access their account. Though the Symantec researchers have specified why this happens, the reasonable explanation is that it gets the app through Facebook’s security measures. By logging in from the same phone used by a user’s normal IP rather than a new IP address it avoids the security protocols.
While other malware usually commit intrusive acts like posting spam posts and liking content, Fakeapp simply collects the users’ details such as education, work, contacts, bio, family, events, groups, relationships, likes, posts, pages and all sorts of relevant information. Such behavior in a malware is unheard of specially considering that it doesn’t commit money-making operations. Its nature of collecting data for database building classifies it as a sort of “spyware”.