Facebook users at risk from malicious face-ageing app
Tue 24 Feb 2015
A malicious Facebook app that purports to show users what they will look like in 20 years has been uncovered. It solicited usernames and passwords in order to hijack accounts and spread spam.
The app, which pops up on newsfeeds, walls and in advertising spots, takes the oblivious user to a fake Facebook phishing site (http://appnew2015 .cf/) designed to harvest login details by asking users for their usernames and passwords in order to gain access to the ‘ageing’ app. The hook message currently features an image of actress Katie Holmes alongside her aged mock-up.
Once the credentials are stolen and the account hijacked, the cybercriminals can easily spread the scam among the users’ Facebook friends and can use the account for other malicious ends.
Similar scams have also been found across the social networking site recently, such as ‘See you… in 20 Years!’ and ‘Find your Best Friend on FB’, which also requested access to Facebook profiles and friend lists. Under this pretence the malware could access photos and inbox messages, and was able to post status updates and photos without authorisation from the account owner.
At the start of February a malicious pornographic video also littered Facebook newsfeeds, and managed to steal login details and hijack over 110,000 accounts in just two days. The video required users to install a fake Flash player, which downloaded the actual malware, according to security researcher Mohammad Faghani.
In a statement, Facebook gave assurances that it uses “a number of automated systems to identify potentially harmful links and stop them from spreading.
“We’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites […] We are blocking links to these scams, offering clean-up options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook.”
This latest phishing site has now been taken down; however, users who believe that their account may have been compromised are advised to reset their passwords immediately.
To avoid malicious apps, it is important to download from official app stores, read related reviews, and check login screens for spelling errors and poor design, which would point to criminal developers.