Two more rogue Facebook apps linked to Fucabook scam

UPDATE 4: 20th August: Facebook have removed the six rogue apps mentioned below. Unfortunately 5 more have appeared over the course of today; they are called “Friends”, “Friends Gifts”, “Matching”, “Poki” and “Your Photos” (same bat-name, different bat-app), bringing the total so far to 11. The new rogue apps take the same format as previously but use different application icons, have slightly more credible notifications to your friends and now also feature bogus notifications to the profile owner, presumably in an effort to persuade the victim to install further apps and maximise the fraudsters’ advertising returns.

Facebook notifications page


UPDATE 3: 19th August: Rogue app number six just showed up and is unsurprisingly called “Inbox (1)”.


UPDATE 2: 19th August: A fourth and fifth rogue app just surfaced, being spread by phony messages spammed out by the other rogue apps. The next applications to avoid, remove and block are called “Birthday Invitations” and “Inbox (2)”; again they behave in the same manner as the others.


UPDATE 19th August: Make that “Three more rogue apps”. The rogue application “Stream” mentioned below today started sending out notifications that lead to yet another rogue app.


Using an already compromised account, I loaded up the app page for the malicious app “Posts” today; it immediately messaged my friends with a link to the “Stream” app I have already blogged about. However, when I loaded up the “Stream” app page, it also sent out new messages. The link in those messages went to a site external to Facebook, which holds a redirection script that pushed me on to another new malicious app called “Your Photos”.


“Your Photos” looks exactly the same as the “Stream” and “Photos” apps, and also sends out rogue notifications pointing to the same script referenced above.


I am keeping Facebook informed of these developments as they arise and they are working hard to rectify the situation.

________________________________________________________________________________________

Original post follows:

I have been continuing to look into the Facebook phishing/rogue application story that I blogged about yesterday, because it wasn’t at all clear to me how the application “sex sex sex and more sex!!!” was generating those messages pointing to the malicious web site.

My research has turned up two further Facebook applications which this time have quite clearly been designed for malicious activity and can be clearly linked to the fucabook phishing.

When a victim logs in using the bogus fucabook page, after entering their password for the first time they are prompted with a screen asking for their password again “to use the full functionality of malicious application name” (yesterday the bogus app was called Posts, today it is called Stream).


Once this application is added, it uses the image of one of your friends (because your apps can see any info that you can see) to tell you that someone has generously sent you a meaningless graphic. It also gives you options of how to respond to this dubious gift, but no button to act on those options. Stream and Posts both look the same.


The application then goes on to send spam to all your contacts, without asking for permission of course…

The notifications sent to friends all point back to the fucabook phishing site. Worthy of note also is the fact that both malicious applications use the same graphical icon to identify themselves. The icon itself has been lifted from the very familiar and entirely trustworthy Facebook Wall application, which most users will be used to seeing in their notifications on a regular basis, adding further surface credibility to the attack.


How the application “sex sex sex and more sex!!!” got involved is still unclear, but if the app itself is not malicious, then my current best guess would be application hijacking/hacking to kickstart the phishing/malicious application cycle seen here.

So, like I said yesterday, always check the URL displayed in your browser’s address bar before entering any sensitive information. Also check the true destination of a link before clicking it, by hovering your mouse pointer over it. If it looks suspicious, don’t click it. And if you’re a Facebook user, now would be a good time to review your privacy settings and clear out any applications you no longer use.
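As an added example (not part of the original post), the same "check the true destination" advice expressed as a small Python triage for notification links: it parses each link's host, treats anything whose registered domain is not facebook.com as external, and flags domains within edit distance 2 of facebook.com (such as the fucabook lookalike) separately. The sample links are constructed for the example; the two-label "registered domain" helper is a simplification and is noted as such in the code.

```python
from urllib.parse import urlparse

LEGIT_HOST = "facebook.com"


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Naive registered domain: the last two labels of the host name.

    Sufficient to separate facebook.com from fucabook.com or example.net;
    a production tool should consult the public suffix list instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str) -> str:
    """Return 'facebook', 'lookalike' or 'external' for a notification link."""
    host = urlparse(url).hostname or ""
    domain = registered_domain(host)
    if domain == LEGIT_HOST:
        return "facebook"
    # Small edit distance to the real domain is the typosquat signature.
    if levenshtein(domain, LEGIT_HOST) <= 2:
        return "lookalike"
    return "external"


def triage(links):
    """Map each link to its verdict so a reviewer can eyeball them in bulk."""
    return {url: classify_link(url) for url in links}


# Constructed sample links, not taken from the original post.
SAMPLE_LINKS = [
    "http://www.facebook.com/n/?inbox/readmessage.php",
    "http://www.fucabook.com/login.php",
    "http://login.facebook.com.example.net/redirect.php?to=app",
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10s} {url}")
```

The third sample shows why the host is reduced to its registered domain first: a "facebook.com" prefix on an unrelated domain is still external.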

Trend Micro has informed Facebook of these findings.

65 thoughts on “Two more rogue Facebook apps linked to Fucabook scam”

  49. vegister

    Can you clarify if, when clicking on a rogue fucabook link, the email address on the phoney login page is pre-filled (as per the screenshot), or both email and password entries are blank?

    Rik Ferguson (post author):

      It depends on whether you are logged into Facebook at the time you visit the link. If you are already logged in (as most will be, to have received the notification), then the first login screen is bypassed completely and you are then simply invited to “Allow” the rogue app.
