The malware infected computers of employees who visited a mobile application developer website.
According to Facebook, hackers exploited an unnoticed security flaw in Oracle's Java software last month.
The company says the attackers were using a "zero-day" exploit to install the malware.
Facebook, however says there is no evidence that Facebook member data was compromised.
The social network also points out that they were not the only company to be attacked in this way.
"Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well," said the company. "As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means."
The US Federal Bureau of Investigation (FBI) is working with Facebook is investing to find out the origin of the attack.
"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," said Facebook.
The firm also said the security breach happened in spite of their systems' running up-to-date antivirus software.
The current attack marks the latest in a number of sophisticated hacking attacks on high-profile sites and firms.
Earlier this month Twitter had been the victim of cyber-attacks after 250,000 users' passwords, names, emails and other data were compromised.