According to News.com.au, Facebook Hacker sends other people an executable file (.exe) that, if clicked on, will steal their login details and secretly email it back to the sender.
And unlike programs that secretly monitor keystrokes to steal passwords and logins, this one doesn't require the victim to type anything at all.
According to security blog Malware City, the tool can extract info by just searching for key words saved by the user's web browser.
The solution is to disable auto-remember or auto-complete features in all programs - including your web browser, said Asia Pacific head of technology at Sophos Paul Ducklin.
Another trick is to keep different passwords for different accounts - most people keep same passwords for all their accounts.
This means once scammers get the information from your Facebook account, they could have access to your email or other sites as well.
Currently, Facebook is facing other issues within - the 'like' button, which when clicked, signs the user as a fan and promotes it to all their friends, the bait-and-switch scam and the more recent 'install dislike button' that milks the user's profile.
Nearly all these scams entice users with the promise of an outrageous video clip or story, as long as they complete a survey first.
When you complete the survey, the scammer gets a commission. But even if you don't, the rogue application has already accessed your data and implanted itself in your account.
"The Internet is fun but that doesn't mean you have to throw caution to the wind," said Ducklin, commenting that although security seems to be an ever-growing issue, people too have to be equally responsible and sensible. (ANI)