Facebook on Thursday said it had disabled six rogue apps that were stealing Facebook users' log-in credentials and spamming people, and within hours more appeared.
Five more of the apps appeared on Thursday, called "Friends," "Friends Gifts," "Matching," "Pok," and "Your Photos," according to an updated blog post by Trend Micro researcher Rik Ferguson.
By that night those new ones were disabled too. Facebook "will continue to ensure that all applications on Facebook Platform comply with Facebook policies," a spokeswoman for the company said.
According to Ferguson's post: "The new rogue apps take the same format as previously but use different application icons, have slightly more credible notifications to your friends and also now feature bogus notifications to the profile owner, presumably in an effort to persuade the victim to install further apps and maximise the fraudsters' advertising returns."
He had discovered six rogue apps earlier in the week. One of those was disabled, and later the other five from the first batch were disabled.
Before the apps were removed, victims had been receiving notifications that someone had commented on a post of theirs. The notifications contained links to a phishing site where users were prompted to provide their Facebook log-in credentials and then prompted to install one of the rogue apps, according to Ferguson. Once the app was installed, the victim's friends were spammed.
Updated at 10:44 p.m. PDT with Facebook disabling the five new apps and at 12:43 p.m. with discovery of five new rogue apps.