Rogue Facebook app harvests user credentials

By on
Rogue Facebook app harvests user credentials

Facebook users who allow third-party applications onto their desktop have been warned that a rogue Facebook app is luring users to a site set up to harvest their credentials.

Affected users receive a notification that someone has commented on one of their posts, but clicking on the hyperlink in the notification leads to a malicious site hosted on the domain, according to Trend Micro senior security advisor Rik Ferguson.

The malicious site then pulls up the real Facebook log-in page to prompt users to enter their details again.

The notifications appear to come from a dubious sounding app called 'sex sex sex and more sex!!!' which has over 287,000 users signed up already, said Ferguson. He warned users to always check the URL of a site in the browser bar before entering sensitive information.

"Also check the true destination of a link before clicking it by hovering your mouse pointer over it. If it looks suspicious, don't click it," he wrote in a blog post. "Also, if you're a Facebook user, now would be a good time to review your privacy settings and clear out any applications you no longer use."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©

Most Read Articles

Log In

  |  Forgot your password?