3

Beware of a new virus being spreading through Facebook Messenger

Researches have found a new virus that affects Windows, MacOS, and Linux and is being spread through Facebook messenger. This virus can be sent from a friend as well as a stranger, so if you receive any Facebook message with a video link sent by anyone, even your friend — don’t click on it.

How this virus works

This virus send a Facebook message containing a video link that redirects the recipient to a fake website, which lures them to install malicious software. Although it is still unclear how the malware spreads, researchers believe spammers are using compromised accounts, hijacked browsers, or clickjacking techniques to spread the malicious link, meaning that these messages can come from your friends, and potentially compromise your account in return, further spreading the virus.

According to The Hacker News“The attackers make use of social engineering to trick users into clicking the video link, which purports to be from one of their Facebook friends, with the message that reads “< your friend name > Video” followed by a bit.ly link, as shown.”

The Hacker News

 

Once you click the URL, you will be brought to a Google Doc that looks like it contains a video, as such:

The Hacker News

 

Keep in mind that the video image can vary from the example above, rather it will be related to the image sent in the Messenger link preview.

From there, once the image is clicked you will be redirected to another landing page that is customized based on your browser and operating system. This will then result in a very believable pop up, for example, in this image the pop up prompts you to update Flash – not an unreasonable request, but in this instance – another landing page to the virus:

 

The Hacker News

 

Once clicked, you are again redirected to yet another page that looks exactly like YouTube, but is another virus landing page. Now this is the critical page that actually installs the virus as a chrome extension.

The Hacker News

 

Typically, these viruses infect users with a banking Trojan or exploit kits, however these attacks are different, as they use adware to funnel money by generating revenue from Facebook ads.

How to keep yourself safe

We always advise people to be wary when clicking any strange link, whether it is in an email, a suspicious website, and now even on Facebook Messenger. If it’s a friend and you’re uncertain if you should actually click the link, try calling or messaging that friend through a different means other than Facebook messenger. Sure, it’s a bit tedious, but it’s better to be safe than sorry! After all, if you end up downloading this virus, you could risk spreading it to your friends in return through your own Facebook Messenger, and no one wants that.