New malware scam using Facebook Messenger
Digital security firm ESET is warning Facebook users of a common scam that sees attackers sending videos via Facebook Messenger through a user’s friend list.
ESET says by using the potential victim’s current friend list to send the message, the hackers heavily increase their chances of successfully having the malware installed on their victims’ computer.
With the title “My first video”, “My video”, or “Private Video”, the malicious link can also tag various people from a victim’s friend list on a status and lures them into clicking on it.
According to ESET, if a user falls for the scam, they will be re-directed to a fake YouTube website and let you know to install an extension to successfully load the content:
“Sorry, if you don’t install Video Play plugin, you will not be able to watch the video! Click ‘Add Extension’ to watch the video”.
“It’s very concerning that this malicious link is targeting users directly through the messenger app, letting them think it is their friend sending a video,” says Nick FitzGerald, senior research fellow at ESET.
“Many users would think it is safe to click, but when the fake YouTube website comes up, they should not go any further,” he warns.
FitzGerald says if a victim clicks and installs the malicious plug-in, the browser they are using will become infected and continue to carry the infection with the same harmful content.
This threat has now been detected as JS/Kilim.SO and JS/Kilim.RG by ESET and is only targeting Chrome users for now, but it might spread to other browsers in the future.
“Signs to watch for is massive tagging, weird titles and links targeted at you,” says FitzGerald. “If you eventually click on it, watch for the link name, the fake YouTube website as well as a pop up asking you to install an extension,” he explains.
“The safest option here is just to message back your friend and ask if they meant to send that video or if their account has not been infected,” FitzGerald adds.
ESET has detected this threat more than 10,000 times in the past weeks spreading across Facebook users in the US, Canada, Australia, the UK, New Zealand, Russia, Singapore and many other regions.
“This malware is spreading very quickly over Facebook via Chrome browsers. There is a way to get rid of it however it may become more powerful and dangerous in the future with more capabilities to post messages, create pages, add friends and follow or unfollow profiles,” FitzGerald says.
“The best thing is to avoid clicking on any suspicious link and not download any plug ins coming from those links."