Facebook has sued Fatih Haltas, an app developer in the UK, as well as his companies OakSmart Technologies and MobiBurn for using a malicious SDK to collect user data from Facebook and for not complying with the company’s audit request.
In a blog post published Thursday, Jessica Romero, Director of Platform Enforcement and Litigation at Facebook, said the lawsuits were filed separately in the US and the UK, with the UK action filed there for the first time, to prevent the developer from using a malicious SDK on users’ devices to collect personal data.
Romero said that MobiBurn, one of Haltas’ companies, paid app developers to install a malicious Software Development Kit (SDK) in their apps. Once installed, the SDK collected information stored in the devices and also requested data from Facebook such as users’ names, gender, time zones, and email addresses.
MobiBurn’s actions were reported to Facebook by security researchers as part of Facebook’s data abuse bounty programme. After analysing the SDK’s activities, Facebook decided to take enforcement action: it disabled MobiBurn’s applications, sent a cease and desist letter, and requested MobiBurn’s participation in an audit, which the company failed to honour.
Facebook and Instagram also filed a lawsuit in the US against Nikolay Holper, who used a network of bots and automation software to distribute fake likes, comments, views and followers on Instagram, and also used different websites to sell fake engagement services to Instagram users.
“Today’s actions are the latest in our efforts to protect people who use our services, hold those who abuse our platform accountable, and advance the state of the law around data misuse and privacy,” Romero said.
In October last year, Facebook also sued Israeli cyber security firm NSO Group for using WhatsApp servers located in the United States and elsewhere to infect approximately 1,400 mobile devices with malware to carry out surveillance of “Target Users”.
In its complaint, Facebook alleged that NSO Group and its agents used WhatsApp servers and the WhatsApp Service to send discrete malware components to target devices after setting up various WhatsApp accounts and remote servers to conceal their involvement.
Using Facebook’s servers, NSO Group initiated calls that secretly injected malicious code into target devices and then executed the code to create a connection between the hijacked devices and its remote server. Once a connection was established, NSO Group caused target devices to download and install additional malware, including Pegasus, for the purpose of accessing data and communications.
Using this method, NSO Group transmitted malicious code to approximately 1,400 target devices between April 29 and May 10, Facebook said. These devices were owned by attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.