The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret Crush is installing Zango (aka AdWare.Win32.180Solution) with Iframe, technically from ZangoCash.com.
Shortly, this is the spreading mechanism:
In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using “Secret Crush” (this happens frequently with Facebook’s Platform Application). [Figure 2] exhibits the social engineering speech employed by the malicious widget to get the user to install it.
The text included to the request entry is “One of Your Friends Might Have a Crush on You!”. Additionally, the buttons are ‘Find Out Who!’ and typical ‘Ignore’.
It appears that Secret Crush is not included to Facebook Application Directory (no log-in needed) any more. Reportedly FortiGuard Team has informed Facebook guys and probably the application has been disabled already.
Update 4th Jan: The application mentioned is located here (renamed to My Admirer), still accessible and has “50,708 daily active users i.e. 4% of total”.
The exact number of affected users is not available.