A rogue Facebook application has been detected that sends users to a credential-harvesting site.

Rik Ferguson, senior security advisor at Trend Micro, claimed that the application is sending notifications that lead to the application via a user commenting on a post.

Ferguson said that the notifications appear to come from an application called ‘sex sex sex and more sex!!' which despite sounding shady and looking a bit of a mess still boasts over 287,000 fans.

Trend Micro detected that the hyperlinks in the notification both lead to a malicious website hosted on the fucabook.com domain and not to a link back on the profile. The server at fucabook.com then loads up a JavaScript before immediately using HTTP meta refresh tags to pull up the real Facebook website and prompting the victim for their login credentials.

Ferguson said: “Always check the URL displayed in your browser's address bar before entering any sensitive information. Also check the true destination of a link before clicking it, by hovering your mouse pointer over it. If it looks suspicious, don't click it. Also, if you're a Facebook user, now would be a good time to go and review your privacy settings and clear out any applications you no longer use.”

He further claimed that the attack site is registered to an Arsen Tumanyan who allegedly resides in Armenia. The domain is registered through GoDaddy and the URL leads to an IP address that resolves to Amazon Elastic Compute Cloud (EC2).