Zuckerberg did anticipate planned future action in the form of three initiatives to secure user data: 1) they will conduct a an audit of any
app that had access to large quantities of information before they secured their API in 2014, making sure there is no suspicious activity, 2) they will restrict developers» data access further, asking them to sign a contract and adding an expiry date to third party connections on
apps you may no longer use, 3) they will launch a new tool (one already
exists but is somewhat obscured within Facebook's security settings) next month that will help users better understand which
apps have your data, and giving you easy access to revoke those
permissions.
These cases of malware (if they even
exist) are probably as a result of sideloading
apps from the internet and not reading its
permissions before installing.