Facebook App Installs Spyware

Anyone who has installed the third-party Facebook application "Secret Crush" is at risk of installing spyware, according to this report from security firm Fortinet. Apparently the app entices users by saying "one of your friends may have a crush on you" and then, once installed, attempts to download the infamous spyware Zango. The malicious widget's authors can be rewarded with over $1 USD for each successful installation, according to Zango's affiliate program rates. (Note that as of January 4, the widget changed its name from "Secret Crush" to "My Admirer", and as of today WebWare reports that Facebook has disabled the application completely.)

Fortinet reports that over 1 million Facebook users may have been infected due to the aggressive way the application encourages invites to 5 or more friends. This is effectively the point where viral marketing meets virus software:

This practically makes the widget a Social Worm. Unlike many social worms, the "Secret Crush" propagation strategy does not rely on phishing or any sort of user-space customization feature abuse (see our primer on social worms). Rather, it relies on pure social engineering which is based on simple manipulation strategies such as "escalation of commitment". Since users have freely chosen to install the widget at the cost of disclosing their personal information, psychologically speaking it is difficult for them to stop the process at that point. Therefore, most of them will invite at least 5 friends to complete the process. Even after that step, no crush of any sort is revealed.

This is not the first time that mashup and widget security has been a topic of discussion, as you can see from some of our earlier reports, including Mashups as Hacker's Dream and Banned Books and the Big Brother Mashup.

It's likely we'll see more and more variations of mashups and widgets being used for phishing, spyware and other scams this year. The allure of access to such large user bases and the proliferation of open platforms are going to give security experts a whole new speciality.


Comments (17)

[...] Facebook App Installs Spyware “Anyone who has installed the third party Facebook application “Secret Crush” is at risk of installing spyware according to this report from security firm Fortinet.” (tags: facebook applications spyware Security) [...]

A worm might have a crush on me? That's disgusting.

[...] not a serious like the recent Secret Crush spyware app but shows how opening up a platform brings with it all sorts of possibilities for manipulation. We [...]

[...] first story is about the application 'Secret Crush', which now turns out to be usable for spreading spyware-pro.... According to Programable Web, the developers of the application get right around a dollar for every time it [...]

[...] side of third party applications is things that pop up like I found in this article this morning: Facebook App Installs Spyware, which is based on this report by Fortinet.  Not saying all applications do or even the [...]

@Kevin, good summary. I think you're right that we'll start to see not only issues with platforms having lots of our data, but the third party apps as well.

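[...] the recent news about Facebook Apps spreading the Secret Crush spyware. I think Facebook is like a marketing or spamming tool, because if you haven't turned off email notifications, your inbox will every so often receive email notifications about your friends' activity updates, whether big or small. Especially as your circle of friends keeps growing, with all kinds of boring games poking back and forth. [...]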

[...] a Facebook application is the subject of controversy (the other two being the Facebook Hoax and the Facebook Spyware). This time around the news comes via Fortune’s Josh Quittner who reports that Hasbro, the [...]


I don't use any 3rd party software from Facebook, but as soon as I log in my CPU usage goes through the roof & doing anything becomes difficult.

I need a spy, I need to know who is viewing me


I have pop up messages from secret crush on my FB page. Can you tell me how to stop this??