Twitter, Facebook User Data Improperly Accessed via Malicious SDKs

Twitter and Facebook this week took action against malicious mobile software development kits (SDKs) that were used to improperly access user data.


Both companies have confirmed that, upon receiving reports of the malicious tools, they conducted their own investigations and concluded that the SDKs were indeed malicious. Users who downloaded and installed applications that employ these kits have been impacted.


In a blog post on Monday, Twitter revealed that the malicious SDK that affected some of its users came from oneAudience. The kit could be used to access user data and possibly take over accounts, but the platform says it has no evidence that the latter has occurred.


“We have evidence that this SDK was used to access people’s personal data for at least some Twitter account holders using Android, however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS,” Twitter announced.


The social platform says it will inform potentially impacted Android users, and it suggests that users not only delete third-party apps that might be malicious, but also review and revoke permissions granted to those apps.


Facebook confirmed that two malicious kits were used to target the information of its users: the oneAudience and Mobiburn SDKs. The company has already removed the apps employing these tools and issued cease and desist letters against the offending platforms.


“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issu ..
