Did a random friend send you an intriguing link from out of nowhere? Tread with caution because that might just be Facebook Messenger malware in disguise. It looks like cyber felons are at it again. This time, they’re using Facebook Messenger to spread adware and dupe victims with suspicious redirections to fake versions of popular websites.
It’s no ordinary ploy, though. This particular adware campaign uses social engineering to trick victims into installing malware.
Multi-Platform Facebook Messenger Malware
A security researcher at Kaspersky Lab, David Jacoby, uncovered a malware attack after receiving a suspicious Facebook message (from a contact). The message, according to his analysis, served a multi-platform malware/adware that uses tons of domains to prevent tracking and earn clicks.
He suggests the malicious messages are sent from Messenger accounts that have already been compromised. Meaning, those accounts may have already had their credentials stolen or their browsers hijacked.
Cleverly Disguised Attack
David admits that the code behind the spreading Facebook Messenger malware is advanced and obfuscated. The initial attack is fairly simple, though.
A user is sent a message by someone they presumably know. If the potential victim knows the sender well, it’s highly likely he or she may trust what was sent. Once they make the mistake of clicking the attached link (the content often in the form of memes, videos, and other juicy content), the problem begins.
The Facebook Messenger Malware Attack Deconstructed
In David Jacoby’s documented attack, he reports getting sent a message saying “David Video”. Potential victims, indeed, are sent a message composed of their name, the word “Video”, and a shocked emoji face.
The message often contains a shortened URL that leads to a Google Doc, which shows a blurred photo taken from the person’s FB profile. The said content is usually made to look like a playable movie.
Once the victim bites the bait, the malware sends him/her to one among a number of different websites, depending on their operating system (OS), browser, location, and other variables. Upon arriving at the intended destination, the landing site will tempt the target to install a disguised adware.
Varied Point of Attack
The Facebook Messenger malware exhibits uncanny complexity as it will attack various users differently. It deploys a variety of strategy, depending on the user’s OS.
A Safari user will be directed to a site showing a bogus Flash Update. He or she may then be offered to download a .dmg file, which is actually adware. Similarly, Firefox users are brought to a website displaying a fake Flash Update notice. If the user falls for the ruse, the malware will run a Windows executable to deliver the adware.
Google Chrome users, on the other hand, are sent to a portal that closely resembles YouTube. The bogus site comes complete with the official logo and branding, too. It sure can easily fool anyone who doesn’t pay close attention to the URL. They’re then served a fake error message that’ll download a malicious Chrome extension when clicked.
A Moneymaking Scheme
Machines compromised by the adware will risk having their browser activity tracked (via cookies). The same computers will be used to display targeted ads all over the WWW, too. In some cases, the adverts will even use social engineering to dupe potential victims into clicking them.
Keep in mind that every click on those ads will generate revenue for the mastermind of this unscrupulous ploy. And judging by the sheer number of Facebook Messenger users (1.2. billion users in a month), the guy has more than enough target to make a fortune in a short span of time.
Jacoby, nevertheless, surmised that the brains behind this Facebook Messenger malware may already be making a ton of money as it is. Not only that, they are getting access to a lot of FB accounts, too. Unfortunately, there’s little information about this shady campaign and those behind it.
Facebook’s Response
In the light of such alarming news, a Facebook spokesperson issued this statement: “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook.”
“If we suspect your computer is infected with malware, we will provide you with a free antivirus scan from our trusted partners,” the statement says. “We share tips on how to stay secure and links to these scanners on facebook.com/help.”
Staying Safe on Facebook
No doubt, the social media platform is a great avenue to connect with friends and share content. Remember, though, that malware has infiltrated its vast halls and anyone could fall victim to their cleverly made traps.
To keep malicious software at bay while you’re on Facebook, heed these precautionary measures:
Mind everything you click
iPad giveaways, billionaires sharing a fortune (via chain emails), or pornographic links—click-baits like these are often the work of malware. Use your common sense and resist clicking on anything too good to be true.
Review the permissions an app asks for
Most websites nowadays allow you to use FB credentials to log in. As convenient as this might be in practice, don’t trust every app that asks you to authorize access to your account because many of them are scammers and rogue applications in disguise.
Limit your friends list to people you know
Don’t be too quick to accept friend requests from complete strangers. If you opened your doors to junk accounts, they could be posting shady links on your wall or sending you malicious content. Keep your circle small and tightly knit.
Have 2FA feature turned on
Keeping your account secure is the best way to protect your account (as well as your friends) from malware/adware infections. An easy way to do this is to turn on two-factor authentication (2FA), which is a security method that requires a two-step process to prove your identity. It may be a little hassle going through it every time, but you’d rather be flustered than compromised.
Has an old pal sent you a suspicious link on Facebook Messenger? Tell them their account may be compromised. By keeping an eye out for everyone you know, we all do our part to foil every mischievous ploy crooks put out there.