
New malware scam using Facebook Messenger

Digital security firm ESET is warning Facebook users of a common scam that sees attackers sending videos via Facebook Messenger through a user’s friend list. 

ESET says that by using the potential victim’s current friend list to send the message, the hackers greatly increase their chances of getting the malware installed on their victims’ computers.

With the title “My first video”, “My video”, or “Private Video”, the malicious link can also tag various people from a victim’s friend list in a status, luring them into clicking on it.

According to ESET, a user who falls for the scam is redirected to a fake YouTube website, which tells them to install an extension in order to load the content:

“Sorry, if you don’t install Video Play plugin, you will not be able to watch the video! Click ‘Add Extension’ to watch the video”.

“It’s very concerning that this malicious link is targeting users directly through the messenger app, letting them think it is their friend sending a video,” says Nick FitzGerald, senior research fellow at ESET.

“Many users would think it is safe to click, but when the fake YouTube website comes up, they should not go any further,” he warns.

FitzGerald says if a victim clicks and installs the malicious plug-in, the browser they are using will become infected and continue to carry the infection with the same harmful content. 

This threat has now been detected as JS/Kilim.SO and JS/Kilim.RG by ESET and is only targeting Chrome users for now, but it might spread to other browsers in the future.

“Signs to watch for are massive tagging, weird titles and links targeted at you,” says FitzGerald. “If you eventually click on it, watch for the link name, the fake YouTube website as well as a pop-up asking you to install an extension,” he explains.

“The safest option here is just to message back your friend and ask if they meant to send that video or if their account has not been infected,” FitzGerald adds.

ESET has detected this threat more than 10,000 times in the past weeks spreading across Facebook users in the US, Canada, Australia, the UK, New Zealand, Russia, Singapore and many other regions.

“This malware is spreading very quickly over Facebook via Chrome browsers. There is a way to get rid of it; however, it may become more powerful and dangerous in the future with more capabilities to post messages, create pages, add friends and follow or unfollow profiles,” FitzGerald says.

“The best thing is to avoid clicking on any suspicious link and not download any plug-ins coming from those links.”
