Facebook sue two men using quiz apps to harvest data of users

Facebook is suing two men from the Ukraine for misusing their app platform and directing users to rogue browser extensions.

Trivial looking apps that promise to offer you the chance to see what your eye color says about you, or what character from the Twilight saga you’re most like, are pretty much par for the course on Facebook.

They’re the social media version of horoscopes. Seemingly harmless, and few take them particularly seriously.

But many of these Facebook quizzes can have a darker side, as the 2018 Cambridge Analytica incident demonstrated. And now in another case of “harmless” quizzes gone awry, it’s Facebook this time taking a third party to task for using their app platform to direct Facebook users to malicious browser extensions.


Sponsored Content. Continued below...




Facebook has said it is suing two men from the Ukraine – Gleb Sluchesky and Andrey Gorbachov – for developing Facebook apps that masqueraded as silly tests and quizzes to direct users to websites that implored visitors to install malicious browser extensions.

Browser extensions are pieces of software that add-on to the user’s Internet browser that allows the browser to do certain things it normally couldn’t. In many cases, browser extensions can act in a very similar way to traditional malware.

These malicious browser extensions were found to be scraping the personal information of any Facebook user who installed the app and the browser extension, including their name, profile picture and friends list, as well as injecting adverts onto the user’s newsfeed that actually belonged to Sluchesky and Gorbachov, not Facebook.


Sponsored Content. Continued below...




The scheme operated between 2016 and 2018, and according to Facebook, had infected around 63,000 browsers. The quizzes were spreading under names including Supertest and FQuiz.

It’s likely it took so long for Facebook to remove the offending Facebook apps because it was not the apps themselves that were doing anything malicious. Rather, they were directing users to rogue browser extensions, and it was these extensions that were scraping data and injecting adverts, outside of Facebook’s app platform.

The difference between this case and the Cambridge Analytica incident, other than it’s Facebook taking on the plaintiff role, is that Facebook assert that it was their user’s themselves that compromised their own devices by giving permission for browser extensions to install onto their device. In the Cambridge Analytica incident, it was the Facebook apps that were scraping user’s information.

Remember that browser extensions can be malicious, so you should never agree to let them install unless you trust the developer of the extension; obviously the same rule applies to software and apps as well. And please, think twice before engaging with these silly Facebook quizzes and tests, like we’ve warned before. Of course not all of them exist with malicious intent, but in this particular corner of cyberspace, it can be very difficult to differentiate between legitimate developers and those who may want to cause you harm.