Never Texting Again: Facebook rogue app spreading quickly

Updated Over 290,000 people have in the last few days clicked on a link that is spreading virally across Facebook, claiming to point to a video of someone who died after sending a text message on their cellphone.
The links are being posted on innocent Facebook users’ walls by a rogue application. A typical message posted by the rogue application reads:

I am shocked!!! I’m NEVER texting AGAIN since I found this out. Video here: – Worldwide scandal!

Facebook status messages from affected users

If you do make the mistake of clicking on the link then you are taken to the rogue Facebook application

Rogue Facebook application

Permission request from rogue application

The problem is that even though Facebook is warning users that they are giving the “I will never text again after seeing this” application permission to post to their wall (as well as access their personal information) many people are still go ahead and press “allow”.

Why should you ever have to grant an application such permissions in order to watch a video?

Sigh.. Sometimes you just feel like you’re hitting your head against a brick wall..

Sure enough – with the permission granted, the application begins to spread its links virally via your Facebook profile:

I’m Never Texting Again Since I Found This Out
<name> has seen a shocking video, which shows someone dying because of texting

Facebook account hit by app

Here’s a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams:

Properly cleaning-up your account after you have given permission for the rogue application to access your Facebook account takes two steps. But I’ll throw in a third for good measure.

Sign up to our free newsletter.
Security news, advice, and tips.

1. Remove the application
Firstly, visit your Application Settings on Facebook and click on the “X” to remove the app from your profile.

The rogue application should be removed through Facebook Application settings

You will be asked to confirm if you really want to remove it. Obviously the correct answer is to go ahead and remove it.

Facebook asks for confirmation that you do wish to remove the application

2. Clean-up your wall
With the application gone, you now need to clean-up your own wall – and stop advertising the link (and rogue application) to your online friends. Hovering your mouse over the posts on your wall should display a “Remove” option which will allow you to sanitise the news feed you are sharing with others.

3. Get smart
There are only two things you need to do to clean-up your Facebook account, but I’d recommend you get yourself educated about internet threats too, so you’re wise to these sort of attacks in the future. If you’re regular user of Facebook, you should really join the Sophos page on Facebook to be kept informed of the latest security scares and attacks.

And don’t forget to tell your Facebook friends who passed on this rogue app to you, so they can be wiser in future.

Update Some folks asked me how I know how many people have clicked on the link. Easy! I looked up the url on statistics’s stats also tell me that the vast majority of clickers are from the USA – over 225,000 Americans so far..

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.