[Updated] Victims who have already granted permissions to this malicious app should follow the procedure at the bottom of this alert.

AegisLab has found a new chat spam circulating on Facebook. The symptom is chat messages from your friends with text like "Hey, check out this girl, lol, she must be out of her mind for making that video!". These messages include a shortened URL such as "bit.ly/dG9Qdj".


When you click the URL in the chat message, the app requests permission to access your Facebook profile and Facebook Chat, as shown in the figure below.

Once you confirm the request, you will be redirected to a video page with a security check dialog.


Either of the options in the dialog redirects you to suspicious pages like this.


At the same time, the app sends the same message to your friends, but with a different shortened URL.
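The propagation pattern described above (identical text, a different shortened URL each time) is itself a detection signal. The following is an added example, not code from AegisLab: it groups chat messages by their text with short links masked out and flags text that arrives from several senders with several different links. The shortener list other than bit.ly, the thresholds, and the sample log are assumptions.

```python
import re
from collections import defaultdict

# bit.ly is the shortener named in the alert; the other hosts are assumptions.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com"}
LINK_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})/([\w-]+)", re.I)

def split_message(text):
    """Return (template, links): text with short links masked, plus the links."""
    links = []
    def mask(m):
        host = m.group(1).lower()
        if host not in SHORTENERS:
            return m.group(0)                 # ordinary link: keep it in the template
        links.append(f"{host}/{m.group(2)}")  # short-link path stays case-sensitive
        return "<URL>"
    template = LINK_RE.sub(mask, text)
    return re.sub(r"\s+", " ", template).strip().lower(), links

def find_campaigns(messages, min_links=2, min_senders=2):
    """Group (sender, text) pairs by template; keep templates that arrive from
    several senders with several different short links."""
    groups = defaultdict(lambda: {"senders": set(), "links": set()})
    for sender, text in messages:
        template, links = split_message(text)
        if links:
            groups[template]["senders"].add(sender)
            groups[template]["links"].update(links)
    return {t: g for t, g in groups.items()
            if len(g["links"]) >= min_links and len(g["senders"]) >= min_senders}

# Constructed sample chat log. Only bit.ly/dG9Qdj comes from the alert;
# the sender names and the other links are made up.
LURE = "Hey, check out this girl, lol, she must be out of her mind for making that video!"
SAMPLE = [
    ("alice", LURE + " bit.ly/dG9Qdj"),
    ("bob",   LURE + "  http://bit.ly/EXAMPLE1"),
    ("carol", "Lunch at noon? Menu: tinyurl.com/EXAMPLE2"),
    ("dave",  "Slides are at example.com/talk"),
]

if __name__ == "__main__":
    for template, g in find_campaigns(SAMPLE).items():
        print(sorted(g["senders"]), sorted(g["links"]), template)
```
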

How can you protect yourself from this attack? Our suggestion: don't click any shortened URL in Facebook chat.

Users who have clicked the URL and granted the permission can follow the procedure below.

  • Change your password.
  • Remove the app.
      a. Click Account -> privacy setting -> Apps and Websites
      b. Click "Remove unwanted or spammy apps."
      c. Click "x" and "Remove"


By AegisLab.

Researcher: Luke.