Scamming on Facebook is nothing new but you are generally conned into taking part in fake surveys or making unsolicited Facebook likes. It seems that the Facebook is now in the radar of cyber criminals who are using a very subtle type of phishing scam to make you download a malicious piece of malware.
This new type of scamming attempted was uncovered by Anti Virus and Security provider, Bitdefender. Bitdefender apparently is able to detect this trojan attempt and has name the trojan as Trojan.FakeFlash.A (Trojan.GenericKD.1571215). However what is more interesting is the route the cyber criminals take into luring a unsuspecting victim into download the Trojan.FakeFlash.A.
According to Bitdefender, the cyber criminals first post a Facebook message on the victim’s wall, which will read something like “[user name/your friends name] private video,” “[user name/your friends name] n***** video” or “XXX private video.” The name on the video will generally be someone from your Facebook friends circle. Believing the obvious, a Facebooker clicks the link. When the links from these posts are clicked, users are taken to a fake YouTube site that appears to show a video that’s already been viewed by millions of people.
But when the victim presses play on the video, he is told that his Flash Player has crashed and as such he should update his Flash Player in order to access the content.
Well the the Flash Player update is a disguised Trojan. Once the victim clicks on update, he unwittingly installs a a web browser extension that’s capable of completely hijacking the victim’s Facebook account to steal their photographs and spread the scam posts to others in their Facbook circle.
The scam posts published by this rogue extension on users’ timelines tag the victim’s friends to attract their attention. To increase the infection rate, the malware has multiple installation possibilities. Besides the automated and quick drop on the computer or mobile device, it also multiplies itself when the potential victims click the fake Adobe Flash Player update.
To make the scam more credible, cyber-criminals faked the number of views of the adult video to make it look more convincing to the victim. The malware creators manage to fake the date they uploaded the malicious video by making it current. In addition, the pretty ingenious scammers have also added a message that the video is “age-restricted” based on “Community Guidelines” to make it even more realistic.
Bitdefender says that the Trojan has already spread to over 2 million Facebook users have allegedly clicked on the infected “YouTube” link. To support their nefarious agenda, the malware creators have registered over 6,000 .tk websites for their malicious purposes. As of now, this trojan has successfully spread in Romania, the UK, Italy, France and Germany but with the click rate its is generating, it will soon be a global phenomenon.
Resource : Bitdefender