Wednesday, December 22, 2010

Never Text again app spreading through Facebook

 Last night I was reading through my Facebook feed and noticed an odd application post on my feed. The odd app made a post that said "I am no longer texting after reading this - (link)". Clearly it was a malicious facebook application so I decided I would research it more in the morning. This morning I went to check it out and the post and app was removed by Facebook. Although I was glad the app was removed I decided to find out how many other app's like this were spreading this same message.

 It took me a grand total of 10 seconds to find another app spreading the same message. The new app I found was spreading with the message "You'll never send a text msg again after reading this!--> (link to app)". The app had a flow of users clicking the app and allowing the app to post the message to all the friends they had on Facebook. I searched the homepage of the app for any malicious payload but I found no malware Malware may be hiding somewhere else but a quick glance of the site nothing bad was seen. However its not the same for every app so you may get infected from another one of the apps like this So what lays beyond the link you may ask? Most likely survey spam and scams, and like all these app's the link will be spread to all your friends via your newsfeed. A few of these apps have malware hidden behind them but not all of them.

 This is only one example of the many apps like this spreading through Facebook. This is only one variant of the many "never texting again apps". In fact not to long ago Sophos security researchers ran into another variant the never texting again app and wrote about it on the Sophos Security Blog: You can check out that article here

 I would like to end on some security tips on how to remain safe from these types of social infections:

1. Make sure your friends posts sounds like them, if you have a friend saying they are never going to text again after reading some news and you know they love to text you should know they are not going to quit that quickly. They quick change in behavior and odd link are clear malware fakebook app behavior.

2. Look at the bottom of the message, if the message says something like "posted an hour ago" or "posted from mobile web" you can tell the post was made by a human. Most of these odd post apps have very weird names, I have seen one that the app name was ":)".

3. If one of your friends gets infected with one of these odd apps kindly inform them that they are spreading it on facebook. Also it may be a good idea to comment on the link to warn others from clicking on it. Finally see if they can remove the app from the apps they have permitted on facebook so it will stop posting.

No comments:

Post a Comment