However, according to a recent blog post of the security company Trend Micro, a few of the Facebook applications are used for fishing attack.
“These malicious applications (Posts and Stream applications) sent users to a known phishing domain, with a page claiming that users need to enter their Facebook login credentials to use the application”.
“The messages appear as notifications in a target user’s legitimate Facebook profile, as shown above. After entering the credentials, users would then be redirected to Facebook itself”.
In this way, the attackers can steal user’s login information. Moreover it could spread continually, because all the contacts of the victim will receive the notifications or invitations from the application.
Even though Facebook has already been alerted the situation, users should take precaution before entering the username and password or any other personal information.
(Via, Image credit Trendmicro malwareblog)