MAL-2026-4363 Malicious code in @asura21232/fca-unofficial-nextgen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30540a72a722c901403164aeb090ca99999d3be2cc4d9e9f3ad99ef319fc2db2 This package presents itself as an unofficial Facebook Messenger client library, but its exported authentication helpers loginViaAPI, tokensViaAPI,...

MAL-2026-4559 Malicious code in fca-eryxenx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7569b032ce4e06251ebfe06b4fc124689f20ca0a7e14b5b2395dc7295bfa18c6 The package's documented login API — loginemail, password, twofactor — POSTs the caller's Facebook email, password, and 2FA secret to...

Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensio...

Play Store Apps Caught Spreading Android Malware to Millions

By Deeba Ahmed The apps were loaded with info-stealing malware that can extract victims Facebook credentials and download other software, etc.… This is a post from HackRead.com Read the original post: Play Store Apps Caught Spreading Android Malware to Millions...

Android Malware ‘FlyTrap’ Hijacks Facebook Accounts

Researchers have uncovered a new Android trojan, dubbed FlyTrap, that’s spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts. In a report posted on Monday, Zimperium’s zLabs mobile threat research teams wrote that FlyTrap has...

Android Apps in Google Play Harvest Facebook Credentials

A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them. According to Dr. Web’s malware analysts, the applications were fully functional, so that victims remained in the dark...

The many ways you can be scammed on Facebook, part II

In part 1 of this article series, we looked at data mining schemes, scam ad campaigns, concert tickets scams, and PayPal fund transfer scams. Today, we continue to list down the other scams you might encounter on Facebook. Bitcoin trading scam Who would have thought that a "simple" phishing schem...

SilentFade malware stole Facebook credentials, $4 million in ad fraud

By Deeba Ahmed Facebook claims that a Chinese company is responsible for operating SilentFade malware. This is a post from HackRead.com Read the original post: SilentFade malware stole Facebook credentials, $4 million in ad fraud...

Spyware Labeled 'TikTok Pro' Exploits Fears of U.S. Ban

Researchers have discovered a new Android spyware campaign pushing a “Pro” version of the TikTok app that is exploiting fears among its young and gullible users that the popular social media app is on the cusp of being banned in the United States. The malware can take over basic device...

This Week in Security News: Hackers and Ransoms

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, we saw discussion on the ransomware attacks plaguing institutions in the New Year, and emerging malware targeting Meltdown/Spectre patches...

Malicious Gaming App Infects More than 1 Million Android Users

It's not at all surprising that the Google Play Store is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought. Threat researchers from security firm ESET have discovered a malicious...

PokerAgent botnet stole over 16,000 Facebook credentials

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats. According to latest report, the botnet i...

PokerAgent botnet stole over 16,000 Facebook credentials

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats. According to latest report, the botnet i...

New Ramnit Variant Is Stealing Facebook Credentials

The Ramnit worm, which was first detected more than 18 months ago, has continued to evolve and now has spawned a version that is targeting victims’ Facebook credentials, and with great success. Researchers at Seculert in Israel have found a variant of Ramnit that is stealing those credentials and...