Facebook sues Ukrainian hackers for spreading malware-ridden quiz apps

The defendants are accused of "scrapping" users' profile information

Facebook profile page

Facebook has sued two Ukrainian men for allegedly stealing personal data from the social network by infecting 63,000 users profiles with malware delivered via a set of personality quizzes.

The two men, Gleb Sluchesky and Andrey Gorbachov, are accused of operating four web apps that targeted Russian and Ukrainian users between 2017 and 2018.

According to a court document, filed on Friday, the apps offered personality quizzes, such as 'Who are you of modern vampires', a quiz based on the movie Twilight, and 'Who are you from the past', a quiz to match users with historical figures.

The apps used Facebook's login feature, promising to use limited information, but it would then direct users to download a browser plugin. This extension was used to then infect the a user's profile with malware, removing personal and public information from the page and replacing Facebook-approved ads with the hacker's own. By being listed as approved developers by Facebook, the hackers were effectively given the scope to exploit the Facebook Login plugin. 

Advertisement - Article continues below
Advertisement - Article continues below

"In 2017 and 2018, defendants Gleb Sluchesky and Andrey Gorbachov, operated fraudulent web applications designed to deceive their users into installing malicious browser extensions," the court paper stated.

"The malicious extension enabled defendants to "scrape" information from the app user's social media profiles and inject advertisements when the app users visited different social networking sites, including Facebook."

This means, specifically, that the two men harvested the app user's publicly viewable information, such as their name, age, gender and profile picture, and even private information uch as their 'friends' lists.

In 2018, following an investigation, Facebook deleted all accounts linked to the two men, but by then they had infected approximately 63,000 browsers and caused over $75,000 in damages to Facebook.

According to The Verge, the time that Facebook first announced the data breach matches reports of a breach to private messages from November 2018, which suggests the pair are linked to that breach. In that incident, some 81,000 Facebook users had their private messages published online, with a broker to access the profiles for as little as 8p per account.

This is further fallout from a disastrous 2018 for Facebook, which began with revelations of the Cambridge Analytic scandal. The root of that particular controversy was also third parties creating personality quizzes with hidden motives. But on that occasion, it was data harvesting for political motives.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now

Most Popular

cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020

How to use Chromecast without Wi-Fi

5 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Microsoft Azure

Microsoft Azure is a testament to Satya Nadella’s strategic nouse

14 Feb 2020