Malicious Facebook UnfriendAlert app used to steal FB credentials

Pierluigi Paganini June 06, 2015

Fraudsters are spreading a Facebook UnfriendAlert app that notifies users whenever someone removes them from their friend list; in reality, it collects credentials.

Curiosity killed the cat: everybody wants to know who is visiting their profile on every social media platform. The new scam targets Facebook users who want to check who visits their profile, who unfriended them, who spent time reading their posts, and much more.

Clever users are accustomed to looking for plugins and apps that allow them to add new functions to their Facebook account, and the crooks know it!

Many scams in the past have exploited bogus applications that promise to implement new functionalities. This time we will discuss a new free application that notifies users whenever someone removes them from the Facebook friend list. According to the researchers at Malwarebytes, scammers are spreading the UnfriendAlert application with the main purpose of stealing users’ Facebook credentials.

The fraud scheme is quite simple: in order to enable the supplemental features, Facebook users have to activate the unfriend monitoring and alert service by providing their Facebook credentials.

“The installer claims that the app will notify you when you get unfriended by someone on Facebook. ‘After installing, sit back’ did not work for me. I ran the program under Windows 7 and had to check manually if I had been unfriended. But if you provide your login credentials, which seems a bad idea in the first place, the program is able to see whether one of your Facebook friends decided they had enough of you,” wrote the Malwarebytes experts.

Once the victim submits his login credentials, the Facebook UnfriendAlert app sends them to the website “” managed by the crooks; the researchers discovered this by analyzing the traffic with Wireshark.

“Looking at a Wireshark log for this check however shows that the login credentials are not sent directly to Facebook but to “””
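The check the researchers describe can be automated over captured requests. The following is an added example, not code from the article or from Malwarebytes: it flags login-form posts whose destination is not Facebook. It assumes the requests are readable in the capture, that the form fields are named `email` and `pass`, and it uses the placeholder host `collector.example` in constructed sample data.

```python
from urllib.parse import parse_qs

CREDENTIAL_FIELDS = {"email", "pass"}   # assumption: login form field names
TRUSTED_SUFFIXES = ("facebook.com",)    # hosts allowed to receive them


def is_trusted(host: str) -> bool:
    """True for facebook.com and its subdomains, but not look-alikes."""
    host = host.lower().split(":")[0].rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, host, form fields)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return method, headers.get("host", ""), fields


def find_credential_leaks(requests):
    """Return (host, field names) for credential posts to untrusted hosts."""
    leaks = []
    for raw in requests:
        method, host, fields = parse_request(raw)
        present = CREDENTIAL_FIELDS.intersection(fields)
        if method == "POST" and present == CREDENTIAL_FIELDS and not is_trusted(host):
            leaks.append((host, sorted(present)))  # names only, never the values
    return leaks


# Constructed sample requests; "collector.example" is a placeholder host.
SAMPLE = [
    b"POST /login.php HTTP/1.1\r\nHost: www.facebook.com\r\n\r\nemail=a%40b.example&pass=x",
    b"POST /check HTTP/1.1\r\nHost: collector.example\r\n\r\nemail=a%40b.example&pass=x",
    b"POST /check HTTP/1.1\r\nHost: facebook.com.collector.example\r\n\r\nemail=a&pass=x",
    b"GET /ads?id=1 HTTP/1.1\r\nHost: collector.example\r\n\r\n",
]

if __name__ == "__main__":
    for host, names in find_credential_leaks(SAMPLE):
        print(f"credentials ({', '.join(names)}) posted to non-Facebook host {host}")
```

The suffix match requires a dot boundary, so a host that merely starts with or contains "facebook.com" is still reported.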

Late last month, the Facebook UnfriendAlert app was also classified as a potentially unwanted program (PUP), a category of malicious application used by fraudsters to display unwanted advertisements when victims visit some web pages.

If you have installed the Facebook UnfriendAlert app, uninstall it as soon as possible and, of course, change your password immediately.

Below are the instructions provided by Malwarebytes to uninstall the Facebook UnfriendAlert app from your computer:

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to “Quarantine”, and click Apply Actions.
  • Reboot your computer if prompted.

Pierluigi Paganini

(Security Affairs – Facebook UnfriendAlert, Scam)
