New malware scam using Facebook Messenger

19 Apr 2016

Digital security firm ESET is warning Facebook users of a common scam that sees attackers sending videos via Facebook Messenger through a user’s friend list. 

ESET says that by using the potential victim’s current friend list to send the message, the attackers greatly increase their chances of getting the malware installed on their victims’ computers.

Titled “My first video”, “My video”, or “Private Video”, the malicious link can also appear in a status that tags various people from a victim’s friend list, luring them into clicking on it.

According to ESET, a user who falls for the scam is redirected to a fake YouTube website that tells them to install an extension in order to load the content:

“Sorry, if you don’t install Video Play plugin, you will not be able to watch the video! Click ‘Add Extension’ to watch the video”.

“It’s very concerning that this malicious link is targeting users directly through the messenger app, letting them think it is their friend sending a video,” says Nick FitzGerald, senior research fellow at ESET.

“Many users would think it is safe to click, but when the fake YouTube website comes up, they should not go any further,” he warns.

FitzGerald says if a victim clicks and installs the malicious plug-in, the browser they are using will become infected and continue to carry the infection with the same harmful content. 

ESET now detects this threat as JS/Kilim.SO and JS/Kilim.RG. It is only targeting Chrome users for now, but it might spread to other browsers in the future.

“Signs to watch for are massive tagging, weird titles and links targeted at you,” says FitzGerald.
“If you eventually click on it, watch for the link name, the fake YouTube website as well as a pop up asking you to install an extension,” he explains. 

“The safest option here is just to message back your friend and ask if they meant to send that video or if their account has not been infected,” FitzGerald adds.

ESET has detected this threat more than 10,000 times in the past weeks spreading across Facebook users in the US, Canada, Australia, the UK, New Zealand, Russia, Singapore and many other regions.

“This malware is spreading very quickly over Facebook via Chrome browsers. There is a way to get rid of it; however, it may become more powerful and dangerous in the future with more capabilities to post messages, create pages, add friends and follow or unfollow profiles,” FitzGerald says.

“The best thing is to avoid clicking on any suspicious link and not download any plug-ins coming from those links.”