A rogue Facebook app is spamming newsfeeds and tricking users into handing over profile access. According to security firm Sophos, hundreds of thousands of Facebook users have already fallen victim to the rogue application, this one identified as a video claiming to show a teacher nearly killing a boy.
With the lure of the message "Teacher nearly kills a 13-year-old boy. SHOCKING!," the rogue app can take control over the victim's Facebook profile page and spread by appearing on the victim's Facebook wall, according to security company Sophos.
Clicking on the rogue application's bit.ly link re-directs Facebook users to a page encouraging victims to "click here and then ALLOW, to see the shocking video," but doing so allows this third-party application "to gain access to your profile," says Sophos security expert Graham Cluley, who has written a blog post on the threat. "Do you really want this application to have access to your name, lists of friends and profile picture?"
After spreading, the rogue app may try something else in the future, such as phishing your friends' passwords or spreading malware, Cluley says.
Sophos is advising anyone who falls victim to this scam to take steps to remove the app from their profile and delete posts associated with it.