A few months back we discussed the
Android Same Origin Policy (SOP) vulnerability, which we later found to have a
wider reach than first thought. Now, attacks are found under the collaboration of Trend Micro and
Facebook, which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available
Metasploit code.
This attack targets Facebook users via a link in a particular Facebook page that leads to a malicious site. This page contains obfuscated JavaScript code (see in Figure 1 below), which includes an attempt to load a Facebook URL (seen in Figure 2) in an inner frame. The user will only see a blank page as the page’s HTML has been set not to display anything via its
div tag (Figure 3), while the inner frame has a size of one pixel (Figure 4).