Users of mobile devices running Google's Android OS were warned over the weekend about a new fake Facebook app that may lead to Android malware.
BitDefender said the bogus Facebook apps are duplicates of legitimate apps like “Lista de Verificación del Amante Ideal” and “Lista de Verificare pentru Iubit(a)” (Spanish and Romanian for “Girlfriend Checklist”).
In a blog post, it said the duplicated apps have the same functionality as their counterparts, but they perform an HTTP 302 redirect to another link that is not Facebook-related once they detect mobile traffic.
"When detecting an Android handset, the altered app redirects you to a random Google Play (Android marketplace) game that’s totally unrelated to what you were doing," it said.
However, it added: "None of the analyzed Google Play apps have proven to be infected with malware, but the possibility of being redirected to some potentially malicious application or website should not be taken lightly."
"This could be the beginning of paid promotions through Facebook, where Android app developers can actually subscribe to have their apps promoted via Facebook by means of illegitimate services. This type of paid advertisement... is a new concept... and while these redirecting links/apps are not malicious so far, they could turn out to be at some point," it added.
The fake apps claim to scan a user's Facebook contacts and list all the potential girlfriends or boyfriends among the user's friends.
Also, they enable tagging so “potential candidates” can be made aware of the (fake) app you’ve used. BitDefender said that while cross-site scripting is nothing new, this is one of the few times when a direct correlation between Facebook and promoting Android apps via redirecting mobile traffic has been reported.
On the other hand, BitDefender said visiting the link from a desktop PC is safe since the apps appear to affect Android devices.
BitDefender raised security concerns over the thin line between real and fake Facebook apps – as well as some apps' behavior when they sense other Android handsets nearby.
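An added example (not from BitDefender's post): one way to check a link for the behaviour described above is to request it once with a desktop User-Agent and once with an Android User-Agent, without following redirects, and compare the two responses. The User-Agent strings, the trusted-host set, the result labels and the sample records are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"        # constructed
ANDROID_UA = "Mozilla/5.0 (Linux; Android 13; Pixel 7) Mobile"  # constructed
REDIRECTS = (301, 302, 303, 307, 308)

class _NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx instead of following it

def probe(url, user_agent, timeout=10):
    """Fetch url once without following redirects; return (status, Location)."""
    opener = urllib.request.build_opener(_NoFollow)
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx ends up here
        return err.code, err.headers.get("Location")

def classify(desktop, mobile, trusted_hosts):
    """Compare (status, Location) pairs seen with a desktop and an Android UA."""
    m_status, m_loc = mobile
    if m_status not in REDIRECTS or not m_loc:
        return "no-mobile-redirect"
    if desktop == mobile:
        return "same-redirect-for-all-clients"
    host = (urlsplit(m_loc).hostname or "").lower()
    # A relative Location stays on the same site; otherwise require an exact
    # host or a true subdomain, so "facebook.com.example.net" does not pass.
    if not host or any(host == t or host.endswith("." + t) for t in trusted_hosts):
        return "mobile-redirect-on-platform"
    return "ua-conditional-offsite-redirect"

if __name__ == "__main__":
    # Constructed records standing in for two probe() results on one app link.
    desktop = (200, None)
    mobile = (302, "https://play.google.com/store/apps/details?id=com.example.game")
    print(classify(desktop, mobile, {"facebook.com"}))
```

In live use, `probe(url, DESKTOP_UA)` and `probe(url, ANDROID_UA)` supply the two records passed to `classify`.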