Users warned of dangerous and ‘advanced’ malware spreading through Facebook Messenger


If you receive a message on Facebook from what looks like one of your friends, you may want to think twice about opening it.

A security expert has revealed how hackers are spreading malware through Facebook Messenger.

The scam involves the hackers posing as friends of potential victims in order to trick them into clicking on a link that then installs malicious software onto their device.

The links look legitimate but send users to clones of popular websites such as YouTube, which are controlled by the hackers and are used to harvest information from the victim.

The technique, which is known as ‘clickjacking’, is spreading across the world’s largest social network and could be used to steal login credentials and passwords and to hijack web browsers.

The threat was discovered by David Jacoby, a cyber security expert with Kaspersky Lab, who himself was a target.

Mr Jacoby revealed how he received a message from someone who he “very rarely” has contact with. The message included the words “David Video” alongside an emoji and a link.

“After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks,” Mr Jacoby explained in a blog post.

“The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. It may be from stolen credentials, hijacked browsers or clickjacking.”

According to Mr Jacoby, when the link is clicked on, it redirects to a Google Doc that displays what at first appears to be a video and includes a blurred picture taken from the victim’s Facebook page.

Clicking on the image then takes the victim to one of a number of fake webpages, which change depending on your browser, location and device.

Mr Jacoby explained that when the link was clicked on from Google Chrome he was taken to a clone of YouTube, which tried to make him install a malicious Chrome extension.

When using Safari and Firefox, he was directed to a site which displayed a notice to install an update for Adobe Flash.

“This technique is not new and has a lot of names,” Mr Jacoby explained.

“I would like to describe it as a domain chain, basically just a lot of websites on different domains redirecting the user depending on some characteristics. It might be your language, geo location, browser information, operating system, installed plugins and cookies.

“By doing this, it basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even social engineers you to click on links.

“We all know that clicking on unknown links is not something that’s recommended, but through this technique they can basically force you to do so.”

“The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” added Mr Jacoby.

“Please make sure that you don’t click on these links, and please update your antivirus!”
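A defender can look for the “domain chain” described above in web-proxy logs. The following is an added example, not code from this article or from Mr Jacoby’s analysis; the log record layout, the `.example` hostnames and the three-host threshold are assumptions, and it compares hostnames rather than registrable domains.

```python
from urllib.parse import urlsplit

# Constructed proxy-log records, not real traffic:
# (client, user_agent, url, status, Location header or None)
SAMPLE_LOG = [
    ("10.0.0.5", "Chrome", "https://docs.example/d/abc", 302, "https://hop1.example/r"),
    ("10.0.0.5", "Chrome", "https://hop1.example/r", 302, "https://hop2.example/go"),
    ("10.0.0.5", "Chrome", "https://hop2.example/go", 302, "https://video-clone.example/watch"),
    ("10.0.0.5", "Chrome", "https://video-clone.example/watch", 200, None),
    ("10.0.0.9", "Firefox", "https://docs.example/d/abc", 302, "https://hop1.example/r"),
    ("10.0.0.9", "Firefox", "https://hop1.example/r", 302, "https://hop3.example/go"),
    ("10.0.0.9", "Firefox", "https://hop3.example/go", 302, "https://flash-update.example/get"),
    ("10.0.0.9", "Firefox", "https://flash-update.example/get", 200, None),
    ("10.0.0.7", "Chrome", "http://intranet.example/home", 301, "https://intranet.example/home"),
    ("10.0.0.7", "Chrome", "https://intranet.example/home", 200, None),
]

def build_chains(records):
    """Follow 3xx Location headers per (client, user agent) to rebuild redirect chains."""
    hops, targets = {}, set()
    for client, ua, url, status, location in records:
        if 300 <= status < 400 and location:
            hops[(client, ua, url)] = location
            targets.add((client, ua, location))
    chains = []
    for client, ua, url in hops:
        if (client, ua, url) in targets:
            continue  # reached by an earlier redirect, so not an entry point
        chain = [url]
        while (client, ua, chain[-1]) in hops:
            nxt = hops[(client, ua, chain[-1])]
            if nxt in chain:
                break  # redirect loop: stop rather than spin forever
            chain.append(nxt)
        chains.append((client, ua, chain))
    return chains

def flag_domain_chains(records, min_hosts=3):
    """Flag chains crossing >= min_hosts hostnames; note user-agent-dependent landings."""
    findings, landings = [], {}
    for client, ua, chain in build_chains(records):
        hosts = list(dict.fromkeys(urlsplit(u).hostname or "" for u in chain))
        landings.setdefault(chain[0], {})[ua] = hosts[-1]
        if len(hosts) >= min_hosts:
            findings.append({"client": client, "entry": chain[0], "hosts": hosts})
    for f in findings:  # same entry link, different landing host per browser
        f["ua_dependent"] = len(set(landings[f["entry"]].values())) > 1
    return findings

if __name__ == "__main__":
    for finding in flag_domain_chains(SAMPLE_LOG):
        print(finding)
```

The ordinary HTTP-to-HTTPS redirect in the sample stays on one hostname and is not flagged, while the two multi-host chains that start from the same link and land on different hosts per browser are.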

