Facebook Messenger Spam Spreading Malicious Chrome Extensions, Adware
Beware Facebook Messenger users, as cybercriminals are targeting victims by spreading malware through links sent by their friends.
The malware campaign was discovered by David Jacoby, a senior security researcher in the global research and analysis team at Kaspersky Lab, who was himself targeted after a Facebook friend with whom he rarely interacts, sent a link to a purported video file in Messenger.
“After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks,” David said.
So, how does this malware spread? Apparently, the malicious message containing a bit.ly or t.cn link and the name of the user plus the word “Video” arrives through one of your friends account on Messenger to make the potential victims believe that it is a legitimate video link. When the victim clicks on the link, it will take the user to a Google Docs page that has a screenshot photo of that Facebook friend. The message is made to look like a playable movie.
But when clicked on that video, the victim is redirected to external sites depending on their browser, location and operating system that ultimately attempt to lure them into installing the malware. This malicious software, if downloaded, will cause the victim to spread the virus to their contacts on Facebook Messenger.
“By doing this, it basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links,” Jacoby writes.
For example, a Google Chrome user is redirected to a fake YouTube page with a fake error message designed to push the user in downloading a malicious Chrome extension.
Meanwhile, on Firefox, the users get directed to a website displaying a fake Flash Update notice, which attempts to run a Windows executable to deliver the adware. Since this malware is cross-platform, it affects MacOS Safari too and offers the download of a .dmg file, which is also adware.
It is unclear how the malware spreads via Messenger.
“The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. It may be from stolen credentials, hijacked browsers or clickjacking,” David speculated.
“The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” said David.
“We know that clicking on unknown links is not recommended, but through this technique they basically force you to do so.
“Please make sure that you don’t click on these links, and please update your antivirus!,” added David.
When ZDNet got in touch with Facebook regarding the matter, a spokesperson for the social media giant said: “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook.
“If we suspect your computer is infected with malware, we will provide you with a free antivirus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”