Rogue Facebook app goes viral

Over 170,000 people have been tricked into clicking on a malicious link that is spreading virally across Facebook.

According to senior Sophos researcher Graham Cluley, the link points to a video of an individual who purportedly died after sending an unspecified cellphone text message.

The link – which is posted on user walls by a rogue application – is typically accompanied by the following blurb:  

“I am shocked!!! I’m NEVER texting AGAIN since I found this out. Video here: – Worldwide scandal!”

As expected, members who click on the above-mentioned link are directed to the rogue Facebook app homepage, which then requests permission to post to a user’s wall.

“Sure enough – with the permission granted, the application begins to spread its links virally via your Facebook profile,” explained Cluley.

“The problem is that even though FB is warning users that they are giving the ‘I will never text again after seeing this application permission to post to their wall (as well as access their personal information) many people are still go ahead and press allow.’

“[But] why should you ever have to grant an application such permissions in order to watch a video? Sigh…Sometimes you just feel like you’re hitting your head against a brick wall!”

Cluley added that affected users can remove the rogue application from their Facebook accounts by following two simple steps:

  • Select the “Application Settings” menu and click on the “X” to delete the “I will never text again…” app.
  • Stop advertising the malicious link and rogue app by hovering over and removing affected Wall posts.