An app that was scamming Facebook advertisers is gone from the App Store. Apple was unknowingly hosting the app, which was used to hijack Facebook Ad accounts, on the iOS App Store.
App Could Hijack Facebook Ad Accounts, May Have Run Malicious Advertisements
The app was pretty high-ranking on the App Store if you searched for “Facebook ads manager.” Billed as a better way to control and manage presence and advertisements on the Facebook platform, it was really a backdoor for hackers.
Once installed and configured, the app allowed malicious actors to take over a Facebook Ads account. One ad agency employee told Business Insider of getting locked out of their account just 10 minutes after downloading the app and logging in.
The app in question, Pages Manager Suite, was listed as the second result when looking for a Facebook ads manager. Two ad agency sources reported that after they logged in, they found themselves locked out of their Facebook Ad accounts. Meanwhile, the hackers started running their own ads, using the victims’ budgets, through the hijacked accounts.
According to Apple, the developers originally submitted the app as a simple document manager. It supposedly had no ties or functionality to the Facebook platform, but it turned malicious after approval. Recently, security researchers identified other apps, on the Mac App Store, that transformed into completely different software after passing the App Store review process.
Scam Apps Continue to Plague the App Store
Despite Apple’s efforts to wipe out the problem and its claim that the App Store is “a safe and trusted place,” scan keeping sneaking in. Last year, a study showed that 2% of the top 1000 paid apps were actually scams. These apps, according to the report, netted scammers more than $1 million in revenue.
In this instance, Facebook flagged the app as problematic in mid-July. Nevertheless, Apple failed to remove the app until after Business Insider asked for a comment on the issue.