Given Facebook’s user numbers, the fact is that hackers and malicious activity can infiltrate the site. As a follow-up to our report on malicious Facebook hacks you need to look out for, Bitdefender helped pull together some different types of Facebook app scams that you need to avoid.
Warning: We’ve redacted the hyperlinks to the apps, but included the links in text form. Visit the sites at your own risk.
Change Your Facebook Color
This Facebook app first appeared on the radars of security researchers everywhere when Sophos warned users that the app was a scam. The app claims that it can change your Facebook color but, like many suspicious apps before it, it requires users to fill out their personal information and complete surveys, which earn the creators money through affiliates.
Bitdefender scrutinized the app and discovered that it’s more malicious than first thought. Bitdefender Chief Security Researcher Catalin Cosoi says that the app steals its users’ authentication cookies and even instantly creates dozens of blog sites using that person’s Google account information. These blogs are then republished automatically to the victim’s Timeline with certain friends tagged (this helps to avoid Facebook’s blacklist, since each blog link is a unique URL) to perpetuate the app’s presence and lure in more victims.
The creators of the app, however, are getting more sophisticated. The app is appearing in different languages, with Spanish and French speakers as its first international targets.
For your information, this is what you’ll see on the Spanish version:
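Cambia de color facebook, tunealo para que sea unico con esta magnifica aplicación, serás la envidia de todos tus amigos http://colorearfb.com/ [English: Change your Facebook color, tune it so it’s unique with this magnificent application, you’ll be the envy of all your friends]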
In French:
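Super, facebook a changé ! Je l’ai il est vraiment trop cool, si tu le veux Il est désormais possible de Changer la couleur de ton Facebook ici: http://2doc.net/4avip [English: Great, Facebook has changed! I have it, it’s really so cool, if you want it, it is now possible to change the color of your Facebook here]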
Who Saw Your Profile
It’s only natural to be curious about who’s looking at your Facebook profile. And sometimes our curiosity is piqued enough that we search for applications that help to surface this information. Unfortunately, there aren’t any legitimate applications. Really: If you ever see something advertising this ability, it is a scam. As with the Change Your Color app, the motivation for illicit users to create these apps is the affiliate dollars and your personal information.
There are variants of this popular Facebook app scam; Bitdefender provided us with the examples below:
Who saw your profile
Example: WoW!! I Cannot believe that you can now see who has been stalking your profile for real! You can easily check who is spying on you at http://apps.facebook.com/fggtrtbr/
Timeline viewers
Example: Awesome! The Patent has been Approved! Beta is out for this application!!I can see who viewed my TimeLine this past few days.
This app would then republish the following excerpt and link to your Timeline to lure your Facebook friends:
Now I know who are my real Timeline Viewers! :P Thanks for developing this application! Check yours here! https://apps.facebook.com/timeline-voyage/
Profile view
Example: My total profile views today: Male Viewers: 43 Female Viewers: 29 See your total views and who is viewing you here: http://apps.facebook.com/gdrydrete/
Facebook Credits Scam
Facebook Credits are the in-app virtual currency that gets you the coveted Zynga dollars in Farmville. Based on this, many Facebook Credits scams will ask you to sign up for the app to receive free Facebook Credits as compensation. Some scams won’t even run through a Facebook app in the first place. Of course, it’s impossible to receive Facebook Credits without paying for them, so upon signing up, many versions of this scam will direct you to a malicious or fraudulent link.
Some of these apps will say the following:
Get your FREE 5000 FACEBOOK CREDITS! NO SCAM NO surveys NO waste of time no task its totally FREE! this promo is available for the first 1000 persons only… CHECK IT OUT ENJOY…i got mine and it works get yours here http://creditsoffers.blogspot.com.
Be cautious about what you click on
What users need to be mindful of is that by signing up for these malicious apps that appear in the Facebook App Center, they’re not only susceptible to sharing their personal Facebook data; their computers can also be infected with devastating viruses and malware.
For example, Cosoi tells me that in July 2012 a link to a bogus video was being shared on Facebook that, when clicked, would infect users with the Trojan.Dropper.TQX virus. The virus stole information including Remote Access Service accounts, HTML content, running processes, passwords, and personal credentials. To manufacture a network effect, the link, when clicked on by a victim, would automatically be published to their own Timeline. Similar videos that Bitdefender has identified include:
- Crazy brother rapes and kills his little sister – Shocking!
- Woman kills own baby so she can play FarmVille
- Stupid woman left Facebook video chat on and boyfriend saw her cheating with other guy!
While antivirus and malware-detecting tools like the ones endorsed by Facebook or even Bitdefender’s own Safego will work as intended, the user really is the first and last line of defense. Contrary to the assumption that users won’t be duped by these scams, studies are proving that users are vulnerable, in part because we’ve become almost too trusting of social networks.
One of these studies, headed by Bitdefender, found that an alarming 94 percent of respondents provided their home address and phone number, while four of five respondents disclosed information about their family, parents’ names, and types of passwords that they used. It should go without saying, but be careful what you share and especially what you click.