Recently, we came across an application that displays the message “Tornado Randomly Appears During Soccer Game” on Facebook:
Clicking on the message forces the download of a script from http://<IP Removed>/fb2.js, which displays a Facebook login message. If the user is logged in to Facebook, the malicious app will log the user out and ask him/her to log in again:
When the user clicks on the “Login” button, it will show the login form:
When the user enters login details and clicks on the Login button, the fake application sends two POST requests: one to Facebook.com, and the other to the malicious server. The request sent to the malicious server has the...