Facebook sues Ukrainian browser extension makers for scraping user data

Facebook said the malicious extensions were installed by more than 63,000 users.
Written by Catalin Cimpanu, Contributor
Funnytest.pro - one of the sites cited in the Facebook civil complaint

Funnytest.pro - one of the sites cited in the Facebook civil complaint

Image: ZDNet

Facebook has filed a suit against two Ukrainian developers for creating Facebook apps and browser extensions that harvested user data and injected ads into users' timelines.

The two developers cited in a lawsuit Facebook filed late Friday, March 8, are named Gleb Sluchevsky and Andrey Gorbachov, both based out of Kiev, and working for a company called the Web Sun Group.

According to court documents, Sluchevsky and Gorbachov ran at least four web apps that provided quizzes on various topics.

The web apps were advertised and shared on Facebook but they were hosted on a multitude of third-party websites such as megatest.online, supertest.name, testsuper.su, testsuper.net, fquiz.com, and funnytest.pro.

Named "Supertest," "FQuiz," "Megatest," and "Pechenka," the web apps were mainly advertised toward Russian and Ukrainian-speaking audiences, and enticed users with themes of "Do you have royal blood?, "You are yin. Who is your yang?" and "What kind of dog are you according to your zodiac sign?," among many.

Sluchevsky and Gorbachov ran their scheme between 2016 and 2018, Facebook said. Once users landed on these sites, they'd be prompted to enable push notifications in their browsers, which at later points would prompt the user to install various browser extensions.

These extensions contained malicious code that would scrape the user's profile for public and non-public data, and insert authentic-looking ads into victims' timelines. Other social networking sites were also targeted, but Facebook didn't name other victimized sites in its civil complaint.

The extensions were promoted on at least three official browser stores and sent back user data to servers in the Netherlands under the two suspects' control.

In total, Facebook said that the malicious extensions were installed more than 63,000 times.

"Defendants used the compromised app users as a proxy to access Facebook computers without authorization," Facebook said, which is now looking for an injunction and restraining order against the two developers to prohibit them from creating any more apps targeting Facebook users.

The company is also requesting financial relief for its efforts of investigating the defendants' operation and restitution of any funds the two made through the scheme.

The Daily Beast and Law360 first reported the lawsuit on Friday.

This is Facebook's second lawsuit of this kind. A week before, on March 1, Facebook sued four companies and three people in China for operating a network that sold fake accounts, likes and followers on Facebook and Instagram.

Facebook's worst privacy scandals and data disasters

More cybersecurity news:

Editorial standards