Facebook said that it took immediate action to repair all infected computers once the malware was discovered and added that it had informed law enforcement authorities.
It is the latest in a number of sophisticated hacking attacks on high-profile websites and companies.
Twitter reported earlier this month that 250,000 user details, including usernames, passwords and email addresses, were stolen by hackers. It said it was "not the work of amateurs".
The New York Times, Washington Post and Wall Street Journal have all accused China of attacking their computer systems.
Earlier this week a report by US intelligence community concluded that the country was being targeted by a massive cyber-espionage campaign.
The National Intelligence Estimate, a classified report compiled by the US intelligence services, identified energy, finance, information technology, aerospace and automotive companies as the most frequent targets of hacking campaigns that appear state sponsored, according to The Washington Post earlier this week.
Facebook said that the malware that attacked its own systems used a previously unseen loophole, taking advantage of a flaw in Java software made by Oracle, a mobile developer.
The company said the malware attacked its employee laptops despite running up-to-date antivirus software. It added that it was continuing to investigate the threat.
A statement on its website said: "Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure.
"Foremost, we have found no evidence that Facebook user data was compromised."
It was unknown whether the cyberattack on San Francisco-based Twitter was related to the Facebook breach.