Phishers are constantly trying new bait to hook you into downloading malware. Symantec reported on October 9th a new Phishing attack aimed at Facebook users. A website offers a free Facebook app that will show you who is visiting your Facebook page. If you read my article “Facebook Dump More User Privacy” published yesterday you will know this is a very good time for an app that could actually do this. Unfortunately some criminals thought to exploit the need.
The service claims that to receive the information you must either give them your Facebook credentials, or downloading an app. Imbedded in the app is the Infostealer Trojan. If you elect to enter credentials then you have given away access to your Facebook account. Either way you lose.
The Trojan installs a keylogger to capture everything you type. It sends the information collected to the criminals when it detects an internet connection. For more information see Symantec Connect.