Thursday, August 11, 2022

Facebook Ads Manager Scam Removed From App Store

Sami Fathi:

Apple has removed an app that it was unknowingly hosting on the App Store that scammed Facebook advertisers and led hackers to use advertisers’ ad budgets to run possibly malicious ads on Facebook’s platforms, Business Insider reports.

The app previously ranked highly on the App Store when searching for “Facebook ads manager,” the app used by advertisers to control their presence and ads they’re running on the Facebook platform. The app presented itself as the legitimate ads manager for Facebook but was actually a backdoor that let hackers gain access to an account.


Apple said that the app was originally submitted to the App Store as a simple document manager with no ties or functionality to the Facebook platform.

It’s crazy how genuine bug fix updates keep getting held up in review, yet apps like this are able to completely change their functionality and become highly ranked, yet nothing happens to them until there’s a big news story. The App Store makes it easier for scams like this to gain traction because it’s easier to get discovery through App Store keyword SEO and fake reviews than it would be organically, and people assume that Apple must have vetted it or it wouldn’t be in the store.


This is quite damning, given Apple’s marketing around App Store security:

> an app that it was unknowingly hosting on the App Store

Apple has utterly failed in their curation promise as the justification for ruling with an iron fist - it's beyond time for them to have mechanisms for side loading as well as alternative app stores. I don't need Apple to save me from myself - they can't even save me!

This is still on the App Store and they just got me.

