For the price of a few CDs, you can get a template that spreads malware, directs users to click-fraud accounts or directs users to bogus surveys to get their personal information. Calling it a ‘new era of commoditisation of malicious activity for Facebook is now here', Websense Security Labs said that they are increasingly becoming a daily occurrence and are likely to have been created by these templates.
Calling them ‘Profile Creeps' and ‘Creeper Tracker' applications, Patrik Runald, senior manager of security research at Websense, said: “The bad guys will continue to look to take advantage of every available resource on the web, including Facebook, in an effort to make money or steal information.
“With the introduction of exploit kits and the templates for rogue Facebook applications, like the one we just discovered, the threshold for entry for criminal activity is significantly lowered. These kits are increasingly becoming commoditised and with it, the potential pool of attackers and victims increases.”
Paul Vlissidis, technical director at NGS Secure, said: “Everyone is clearly embracing the digital world and are keen to try out the new developments that are appearing on a daily basis. Having said this, the ‘download now, ask questions later' culture is very risky.
“Applications are easy to access; commonly go viral and a large proportion of them are free of charge, making them even more appealing. Most large companies have the requisite security policies and software in place to not only protect mobile devices but also educate their employees. Only now are they realising how sophisticated hackers are and as result, beginning to consider the vulnerability of apps.”