Infoziant - BLOG DETAILS

JAN 28, 2014 / BLOG / CYBERINFOADMIN

Facebook Fake Apps can Steal users’ Credentials, Status , Pictures & Private Messages!!!

Facebook is the most popular social-networking service worldwide with around 1.23 billion users (Source: Wiki)

We came across a fake Facebook app named AGE VERIFICATION. As per the Application, the user hasto click the button named Click Here and Get Your Activation Code. Once the user sent the access token to AGE VERIFICATION website , Access Token Working Flow.

What will the attacker do when he/she got access token of Victim -

Attacker can read all the Status of victim even when it set to (Only of Me)
Attacker can View the Picture even when it set to (Friends alone and Only for Me)
Most dangerous thing Attacker can read the private messages

Proof Concept :

Facebook Fake Application Breaks Facebook users Privacy be careful while click any link on Facebook. Demonstrated by CyberInfoSec Research Team