The realization came with the discovery of duplicates of legitimate Facebook "dating" apps.
The duplicates use the same names as the original ones (Lista de Verificación del Amante Ideal and Lista de Verificare pentru Iubit(a)), but behave differently.
While the legitimate ones scan the user's Facebook contacts and list potential partners, the clones are able to detect whether the user uses a mobile device, and if he does, they redirect him to a random Google Play game.
So far, none of the games/apps (or pages, for that matter) to which the users get redirected are malicious, but it can and probably will happen.
"Cross site scripting is nothing new; however, this is one of the few times when a direct correlation between Facebook and promoting Android apps via redirecting mobile traffic has been reported," says Bitdefender.
"Visiting the link from your desktop PC is safe, but if you’re accessing the same app from your Android handset, things become risky."