Cyber criminals are spreading malware through Facebook, by posing as friends of their victims. They are sending dodgy links to users through Messenger, which leads to fake, but very convincing legitimate-looking websites like YouTube. The pop-up message on these sites then encourage the targets to download malicious software. (without them knowing)
The malware campaign was spotted by Kaspersky security researcher David Jacoby, who was a target himself. He said he received a Facebook message from a person he “very rarely” speaks to, comprising the words “David Video”, a shocked emoji and a bit.ly link.
“After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks,” he said. According to Mr Jacoby, the link leads to a Google Doc that displays what looks like a playable video, using a blurred-out picture taken from the victim’s Facebook page.
Clicking this takes you to one of a number of websites, which can change depending on your browser, location and operating system. On Firefox and Safari, meanwhile, he was taken to a site displaying a fake Flash Update notice.
“The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” added Mr Jacoby.
Please make sure that you don’t click on these links, and please update your antivirus! If you were a victim, make sure to update your password and go to the Facebook Help Center to learn how to recognize, remove and prevent malware from taking over your profile!