Rogue Apps Unleash Phishing Attacks on Facebook

Written by Sue Walsh on August 24, 2009

On Thursday Facebook shut down six rogue apps that were attempting to steal personal info from its users. Within hours after the apps, called “Streams”, “Posts”, “Your Photos”, “Birthday Invitations”, “Inbox (1)” and “Inbox (2)”, were shut down, five new ones appeared. Those apps, called “Friends”, “Friends Gifts”, “Matching”, “Pok” and “Your Photos”, were also shut down.

When the fake notifications generated by the apps were clicked, users were asked to log in with their FB username and password. This information was transmitted to a remote server. At the same time, the app spammed everyone on the user’s friends list with the same fake notification they clicked on.

Rogue apps have been a constant issue on Facebook. Since the site doesn’t require anything more than an email address in order to be given the developer tools needed to create apps, and doesn’t have an app approval process in place, it’s very easy for scammers to get access to the hundreds of millions who use Facebook.

It’s not yet known if the same person/group is responsible for all 11 apps.
