Facebook suit accuses two Ukrainians of distributing adware disguised as quizzes

When Facebook users installed malicious software extensions that masqueraded as online quizzes, they were unwittingly injecting advertisements into their news feeds and exposing their friend lists, according to the lawsuit.
Facebook social media
(Wikimedia Commons)

Facebook has accused two Ukrainian men of using quiz apps on the social media platform to infect victims with malicious software, according to a lawsuit first noticed by the Daily Beast.

By installing software extensions that masqueraded as Facebook quizzes, users unwittingly allowed the two men to inject advertisements into their news feeds and access their lists of friends, according to the lawsuit. That information then was exfiltrated to servers outside the country.

The two men, Andrey Gorbahov and Gleb Sluchevsky, are Kiev-based entrepreneurs affiliated with a company called the Web Sun Group. The company did not respond to a request for comment from the Daily Beast Friday, and its website appeared to be down by Monday.

“In total, Defendants compromised approximately 63,000 browsers used by Facebook users and caused over $75,000 in damages to Facebook,” the company claims in the lawsuit.


The activity lasted from 2016 until October 2018 and primarily affected Russian users, according to Facebook.

The malware in this case posed as quiz apps called “Supertest,” “FQuiz,” “Megatest,” and “Pechenka.”

Political consultancy Cambridge Analytica, which collected information on roughly 87 million users, also used online quizzes, including a “sex compass” game, to trick users into providing information about their online browsing habits. Facebook says it now intends to shift to a privacy-focused business model after the Cambridge Analytica scandal and other controversies about its handling of user data, founder Mark Zuckerberg said in a blog post last week.

Social media companies have not hesitated to file suit when outside companies appear to be using their data, or their users’ data, for purposes other than the company intended. This kind of activity, typically known as data scraping, may also occur when advertising companies collect data about millions of users for their own marketing purposes.

The professional networking site LinkedIn also has sought to prevent hiQ Labs, a data science company, from using data from public LinkedIn profiles to predict which users are most likeky to leave their jobs sooner.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts