Suspicious Facebook app attracts nearly 300,000 fans

While it doesn't do anything malicious yet, it may just be a matter of time, according to a security analyst

A suspicious application circulating on Facebook has attracted nearly 300,000 fans whose profiles could be used as launching pads for spam, according to a security analyst.

The application, called "I will NEVER text again," lures Facebook users by offering a video, said Graham Cluley, senior technology consultant for security vendor Sophos. When someone clicks on a link advertising the application, the application asks for permission to access their basic information and post to their Wall.

If a user grants permission, the link is then posted to the user's Wall and goes out in the person's news feed, which then gets read by other friends and potentially added to their profiles, Cluley said.

So far the application hasn't done anything malicious, and many Facebook applications ask for the same access to a person's information and Wall. But it has some suspicious characteristics. Although it promises a video, the video does not work, Cluley said.

The application's publisher is listed as "Anne Klein," who has a Facebook profile with no photograph. "It looks like a bogus page," Cluley said.

Cluley said Facebook doesn't review applications as rigorously as, for example, Apple does for its iTunes application marketplace.

Since "I will NEVER text again" has permission to post on a person's Wall, the application could be used to spam links to dodgy Web sites.

"It could be used for advertising, for spam or could be used to spread malware as well," Cluley said. "At the moment they are trying to recruit users into the network."

Cluley said he reported the application as suspicious around 6 p.m. U.K. time on Monday. As of Tuesday morning, the application was still active. In the past, Facebook has deleted applications similar to "I will NEVER text again," and it may only be a matter of time before this one is nixed, he said.

Facebook representatives in the U.K. were not immediately able to comment on the application.

Send news tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags sophosInternet-based applications and servicessecuritysocial networkinginternetFacebook

More about AppleecruitetworkFacebookSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts