Information security experts are warning Facebookers to think before they download.
A rogue application that gave cyber criminals access to Facebook accounts for only $25 has been detected.
The template spreads malware, directs users to click-fraud accounts or directs users to bogus surveys to get their personal information.
Calling it a Websense Security Labs said it was now a daily occurrence.
Such 'Profile Creeps' and ‘Creeper Tracker' applications were a "new era of commoditisation of malicious activity", said Patrik Runald, senior manager of security research at Websense.
“The bad guys will continue to look to take advantage of every available resource on the web, including Facebook, in an effort to make money or steal information," Runald said.
“With the introduction of exploit kits and the templates for rogue Facebook applications, like the one we just discovered, the threshold for entry for criminal activity is significantly lowered. These kits are increasingly becoming commoditised and with it, the potential pool of attackers and victims increases.”
Paul Vlissidis, technical director at NGS Secure, said the "download now, ask questions later" culture was very risky.
“Applications are easy to access; commonly go viral and a large proportion of them are free of charge, making them even more appealing," Vissidis said.
"Most large companies have the requisite security policies and software in place to not only protect mobile devices but also educate their employees.
"Only now are they realising how sophisticated hackers are and as result, beginning to consider the vulnerability of apps.”