Two Ukrainian men used online quizzes to lure more than 60,000 Facebook users into installing malicious browser extensions that exfiltrated their profile data and friends lists to offshore servers, according a federal lawsuit the company filed late Friday.
The men, Andrey Gorbachov and Gleb Sluchevsky, allegedly used the browser extensions to overlay their own advertisements onto Facebook’s news feed when their victims visited through the compromised browsers. The company doesn’t offer a motive for the data-scraping, but it may have been used to work friends’ names into the ad copy, mimicking the form of many genuine Facebook ads.
Facebook is suing the Kiev-based entrepreneurs for alleged violations of Californian and federal anti-hacking law, as well as fraud and breach of Facebook’s terms of service.
“As a result of installing the malicious extensions, the app users effectively compromised their own browsers because, unbeknownst to the app users, the malicious extensions were designed to scrape information and inject unauthorized advertisements when the app users visited Facebook or other social networking site as part of their online browsing,” the company wrote.
Both defendants are affiliated with a company called the Web Sun Group, which did not immediately respond to an inquiry from The Daily Beast on Friday.
Facebook alleges the scheme primarily targeted Russian-language victims. And as in Facebook’s Cambridge Analytica privacy scandal, online quizzes and tests were the hook, in this case with names like “Supertest,” “FQuiz,” “Megatest,” and “Pechenka.”
“In total, Defendants compromised approximately 63,000 browsers used by Facebook users and caused over $75,000 in damages to Facebook,” the company claims in its civil complaint, citing the cost of rooting out the activity.
According to the company the men used aliases, including “Elena Stelmah,” “AmandaPitt,” and “Igor Kolomiiets,” to perpetuate the scheme, which operated from 2016 until October 2018, when Facebook kicked the men off their platform and got their malware banned from browser app stores.
In a statement sent after this story posted, the company said: “Today Facebook filed a complaint against two developers based in the Ukraine for violations of our policies and other US laws by operating malicious browser extensions designed to scrape Facebook and other social networking sites. By filing the complaint, we hope to reinforce that this kind of fraudulent activity is not tolerated on our services, and we will act forcefully to protect the integrity of our platform”
On Wednesday, Facebook founder Mark Zuckerberg posted a lengthy manifesto outlining a vision of a more “privacy focused” social media giant.
“I believe we should be working towards a world where people can speak privately and live freely knowing that their information will only be seen by who they want to see it and won't all stick around forever,” he wrote.