Twitter, Facebook User Information Inappropriately Accessed by Malicious SDKs


This week, Twitter and Facebook took action against malicious mobile software development kits (SDKs) used for improper access to user information.

Both firms confirmed that, after receiving reports about the tools, they conducted their own investigations and concluded that the SDKs were indeed malicious. Users who downloaded and installed applications built with these kits were affected.

In a Monday blog post, Twitter said that the malicious SDK affecting some of its users came from One Audience. The kit could be used to access user data and potentially take over accounts, but the platform has not provided evidence that this actually occurred.

“We have proof that that SDK has been used to access personal data on some Twitter account owners using Android, but we don’t have proof that the iOS edition of this malicious SDK is aimed at people using Twitter for iOS,” Twitter announced.

The social platform says it is notifying potentially affected Android users and has suggested that they not only delete malicious third-party apps but also review and revoke the permissions granted to such applications.

Facebook reported that its users' data was targeted by two malicious kits, the One Audience and MobiBurn SDKs. The company has already removed the apps using these tools and issued cease-and-desist letters to the offending vendors.

“Recently, security researchers have told us of two bad actors, One Audience and MobiBurn, who paid developers to use malicious software developer kits in a number of apps in popular app stores. Following investigation, we removed the applications from our platform for violations of our platform policies and issued cessation and retirement letters against One Audience and MobiBurn.

“We intend to notify people who we believe are likely to have shared information when they have allowed access to their profile information, such as name, email and sex. We encourage people to be cautious when choosing which third-party apps have access to their social media accounts.”

MobiBurn posted a note on its website claiming it does not collect, share or modify Facebook data.

“MobiBurn acts primarily as an intermediary in the data enterprise with its bundle, i.e. a collection of data monetization firms developed by third parties. MobiBurn does not have access or store MobiBurn data collected by mobile application developers. MobiBurn enables the process only by connecting developers of mobile apps to data monetization companies,” says the company.

Both Google and Apple were informed of the findings, and further action could be taken against applications using the malicious SDKs.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.