Hackers spread Android spyware through Facebook using Fake profiles

The Android spyware was used to steal personal data of victims – The campaign also shows why users should never use their real photos on Facebook.

There are almost 2 billion monthly active users on the social media giant Facebook and that makes it one of the most lucrative targets for hackers and cybercriminals. Recently, the researchers at Czech IT security researchers at Avast reported a sophisticated campaign in which attackers used Facebook and Facebook messenger to trick users into installing a highly sophisticated Android spyware.

Hackers Used Fake Facebook Profiles Of Attractive Females

The scam was reported to Avast by one of their customers informing about receiving messages on their Facebook messenger carrying strange looking links sent by unknown profiles going by the names of Alona, Christina, and Rita using images of attractive women.

According to Avast, researchers quickly identified that the profiles used in the scam were fake, stolen images from real people and used without their knowledge or consent. The women lured the victim to click on the link and install the latest version of Kik Messenger app on their device in order to continue their “flirty conversations”.


However, the link only disguised as the Kik Messenger app, in reality, it would take victims to a “very convincing” phishing website and which hosted the malicious version of Kik Messenger app. Once installed, the spyware app would steal personal data from the device.

Tempting Cedar Spyware & Lebanese Connection

Dubbed Tempting Cedar Spyware by Avast researchers, the attack aims at stealing personal data from victims Android devices including photos, contacts list, SMS, call logs, victims’ location and recording surrounding sounds including call conversations.

According to Avast, the operation has been targeting Android users since 2015 and so far it has hunted hundreds of victims in the Middle East. The most targeted victims were from Israel while a small number of victims were identified in China, France, Germany and the United States.

Based on the evidence such as login activity, IP addresses, Middle Eastern time zones, registrant data of domains used by hackers to distribute malware, Avast researchers believe that this campaign is being run from Lebonan. However, at the time of publishing this article, it was unclear if the Tempting Cedar Spyware campaign is still targeting users or it has been shut down.

“The cybercriminals behind the Tempting Cedar Spyware were able to install a persistent piece of spyware by exploiting social media, like Facebook, and people’s lack of security awareness, and were thus able to gather sensitive and private data from their victims’ phones including real-time location data which makes the malware exceptionally dangerous, concluded Avast.”


Recently, we had covered the most powerful android spyware that targeting a large number of users for the past four years.

Steps to take to protect yourself against spyware

Here are a few things you can do to avoid being manipulated like this into downloading spyware:

  • Use antivirus software. Even if you accidentally download malware onto your phone, Avast will detect and remove the malware, to keep your data and privacy safe.
  • Don’t talk to strangers. There is a reason why parents have been warning kids about talking to strangers and this case confirms that talking to strangers online is no different and is not a good idea.
  • Never open links or download software sent to you from untrusted sources. The victims of this spyware campaign were tricked into downloading the spyware themselves because they trusted the girls they were talking to online, despite never meeting them in person. On top of this, they ignored Android’s warnings about downloading apps from unknown sources.
  • Download from the source. Whenever possible, visit the homepage of an established company directly – by typing in the URL yourself – as they often promote their mobile apps on their websites and download the app straight from the source. Had the victims done this, they would have avoided the fake and malicious Kik app. The “girls” probably would have stopped talking to them, but that would have been for their own good!


Credit: Hackread & Avast

CEH Course In pune | Slink


Jai Prajapati

Jai Prajapati is a security analyst and author for Securityleaks, where he passion for covering latest happening in cybersecurity world such as malware, breaches, vulnerabilities, exploits, white-papers, hacking newsbytes, Dark Web, hacking tutorials and a few more.

Leave a Reply

Your email address will not be published. Required fields are marked *