::Trend Micro Threat Resource Center::

26 March 2010

Rogue toolbars phish for Facebook credentials

There are a number of toolbars in the wild with a nasty sting in the tail for anybody using them to log in to Facebook. We’ve seen two of these so far; it’s possible there are more.

Promoted as toolbars that allow you to cheat at popular Zynga games such as Mafia Wars, they appear to be normal at first glance with a collection of links to various websites and other features common to this type of program.

Upon closer inspection, the toolbar is revealed to be a tool used to steal login credentials. If the user clicks on the "Facebook" button in the top-left corner, he is taken to a Facebook look-alike phishing page.

The domain on which the phishing page is hosted is constantly changing, because in time every domain gets reported, detected and blocked by the browsers. The different domains used had names like apps-facebook-inthemafia(dot)tk, mafiamafiamafiamafia(dot)t35(dot)com, apps-inthemafias-facebook(dot)tk, etc.

The problem is that the toolbars - when they are not pointing towards the phishing page - point to the real Facebook URL, and the switch can happen anytime. It is best to distrust "cheating" toolbars altogether, and access Facebook and other networks and services by typing in the URL yourself or following your own bookmark.
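A link-target check for the pattern described above, added here as an example and not taken from the original report: it classifies where a "Facebook" button actually points, using the defanged domains quoted in the text. The function names, the trusted-suffix list and the brand-word list are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts accepted as genuine Facebook in this example.
TRUSTED_SUFFIXES = ("facebook.com",)
# Assumption: brand words that mark an untrusted host as an impersonation.
BRAND_WORDS = ("facebook",)


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'a(dot)tk' back into 'a.tk'."""
    return indicator.replace("(dot)", ".").replace("[.]", ".").strip()


def hostname(target: str) -> str:
    """Extract the lower-cased host from a URL or a bare domain."""
    target = refang(target)
    if "://" not in target:
        target = "http://" + target
    return (urlsplit(target).hostname or "").rstrip(".").lower()


def is_trusted(host: str) -> bool:
    """True only for the trusted domain itself or a real subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify(target: str) -> str:
    """Return 'trusted', 'lookalike' (brand word on a foreign host) or 'untrusted'."""
    host = hostname(target)
    if is_trusted(host):
        return "trusted"
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"
    # No brand word in the name: a keyword filter alone would miss this host,
    # which is why the decision rests on the allowlist, not on the keyword.
    return "untrusted"


if __name__ == "__main__":
    samples = [
        "https://www.facebook.com/login.php",    # genuine host
        "apps-facebook-inthemafia(dot)tk",       # from the text above
        "mafiamafiamafiamafia(dot)t35(dot)com",  # from the text above
        "apps-inthemafias-facebook(dot)tk",      # from the text above
        "http://facebook.com.example.invalid/",  # constructed sample
    ]
    for sample in samples:
        print(f"{classify(sample):10} {sample}")
```

Because the button target can switch at any time, a check like this only says something about the target at the moment it is evaluated.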

Full report here.