New malware scam using Facebook Messenger

19 Apr 16

Digital security firm ESET is warning Facebook users of a common scam that sees attackers sending videos via Facebook Messenger through a user’s friend list. 

ESET says that by using the potential victim’s current friend list to send the message, the hackers greatly increase their chances of getting the malware installed on their victims’ computers.

With the title “My first video”, “My video”, or “Private Video”, the malicious link can also tag various people from a victim’s friend list in a status, luring them into clicking on it.

According to ESET, a user who falls for the scam is redirected to a fake YouTube website that tells them to install an extension in order to load the content:

“Sorry, if you don’t install Video Play plugin, you will not be able to watch the video! Click ‘Add Extension’ to watch the video”.

“It’s very concerning that this malicious link is targeting users directly through the messenger app, letting them think it is their friend sending a video,” says Nick FitzGerald, senior research fellow at ESET.

“Many users would think it is safe to click, but when the fake YouTube website comes up, they should not go any further,” he warns.

FitzGerald says if a victim clicks and installs the malicious plug-in, the browser they are using will become infected and continue to carry the infection with the same harmful content. 

This threat has now been detected as JS/Kilim.SO and JS/Kilim.RG by ESET and is only targeting Chrome users for now, but it might spread to other browsers in the future.

“Signs to watch for are massive tagging, weird titles and links targeted at you,” says FitzGerald.
“If you eventually click on it, watch for the link name, the fake YouTube website as well as a pop up asking you to install an extension,” he explains. 

“The safest option here is just to message back your friend and ask if they meant to send that video or if their account has not been infected,” FitzGerald adds.

ESET has detected this threat more than 10,000 times in the past weeks spreading across Facebook users in the US, Canada, Australia, the UK, New Zealand, Russia, Singapore and many other regions.

“This malware is spreading very quickly over Facebook via Chrome browsers. There is a way to get rid of it however it may become more powerful and dangerous in the future with more capabilities to post messages, create pages, add friends and follow or unfollow profiles,” FitzGerald says.

“The best thing is to avoid clicking on any suspicious link and not download any plug ins coming from those links.”
