Facebook on Thursday said it had disabled a group of rogue apps that were stealing Facebook users' log-in credentials and spamming people, and within hours more appeared.
Five more of the apps appeared on Thursday, called "Friends," "Friends Gifts," "Matching," "Pok," and "Your Photos," according to an updated blog post by Trend Micro researcher Rik Ferguson.
"The new rogue apps take the same format as previously but use different application icons, have slightly more credible notifications to your friends and also now feature bogus notifications to the profile owner, presumably in an effort to persuade the victim to install further apps and maximize the fraudsters' advertising returns," he writes.
Ferguson had discovered six rogue apps earlier in the week. One of those was disabled as of Wednesday, he said.
Then on Thursday, a Facebook spokeswoman said via e-mail: "We have disabled all of the apps in question that violated Facebook Platform policies."
Asked about the five new apps, the spokeswoman said Facebook was investigating and would disable the apps immediately if they, too, are found to be malicious.
Victims were receiving notifications that someone had commented on a post of theirs. The notifications contained links to a phishing site where users were prompted to provide their Facebook log-in credentials and then prompted to install one of the rogue apps, according to Ferguson. Once the app was installed, the victim's friends were spammed.
This article was first published as a blog post on CNET News.
Play video
There are currently no comments for this post.