Did a random friend send you an intriguing link from out of nowhere? Tread with caution because that might just be Facebook Messenger malware in disguise. It looks like cyber felons are at it again. This time, they\u2019re using Facebook Messenger to spread adware and dupe victims with suspicious redirections to fake versions of popular websites.<\/p>\n\n\n\n
It\u2019s no ordinary ploy, though. This particular adware campaign uses social engineering to trick victims into installing malware.<\/p>\n\n\n\n
A security researcher at Kaspersky Lab, David Jacoby, uncovered a malware attack after receiving a suspicious Facebook message (from a contact). The message, according to his analysis, served a multi-platform malware\/adware that uses tons of domains to prevent tracking and earn clicks.<\/p>\n\n\n\n
He suggests the malicious messages are sent from Messenger accounts that have already been compromised. Meaning, those accounts may have already had their credentials stolen or their browsers hijacked.<\/p>\n\n\n\n
David admits that the code behind the spreading Facebook Messenger malware is advanced and obfuscated. The initial attack is fairly simple, though.<\/p>\n\n\n\n
A user is sent a message by someone they presumably know. If the potential victim knows the sender well, it\u2019s highly likely he or she may trust what was sent. Once they make the mistake of clicking the attached link (the content often in the form of memes, videos, and other juicy content), the problem begins.<\/p>\n\n\n\n
In David Jacoby\u2019s documented attack, he reports getting sent a message saying \u201cDavid Video\u201d. Potential victims, indeed, are sent a message composed of their name, the word \u201cVideo\u201d, and a shocked emoji face.<\/p>\n\n\n\n
The message often contains a shortened URL that leads to a Google Doc, which shows a blurred photo taken from the person\u2019s FB profile. The said content is usually made to look like a playable movie.<\/p>\n\n\n\n
Once the victim bites the bait, the malware sends him\/her to one among a number of different websites, depending on their operating system (OS), browser, location, and other variables. Upon arriving at the intended destination, the landing site will tempt the target to install a disguised adware.<\/p>\n\n\n\n
The Facebook Messenger malware exhibits uncanny complexity as it will attack various users differently. It deploys a variety of strategy, depending on the user\u2019s OS.<\/p>\n\n\n\n
A Safari user will be directed to a site showing a bogus Flash Update. He or she may then be offered to download a .dmg file, which is actually adware. Similarly, Firefox users are brought to a website displaying a fake Flash Update notice. If the user falls for the ruse, the malware will run a Windows executable to deliver the adware.<\/p>\n\n\n\n
Google Chrome users, on the other hand, are sent to a portal that closely resembles YouTube. The bogus site comes complete with the official logo and branding, too. It sure can easily fool anyone who doesn\u2019t pay close attention to the URL. They\u2019re then served a fake error message that\u2019ll download a malicious Chrome extension when clicked.<\/p>\n\n\n\n
Machines compromised by the adware will risk having their browser activity tracked (via cookies). The same computers will be used to display targeted ads all over the WWW, too. In some cases, the adverts will even use social engineering to dupe potential victims into clicking them.<\/p>\n\n\n\n
Keep in mind that every click on those ads will generate revenue for the mastermind of this unscrupulous ploy. And judging by the sheer number of Facebook Messenger users (1.2. billion users in a month), the guy has more than enough target to make a fortune in a short span of time.<\/p>\n\n\n\n
Jacoby, nevertheless, surmised that the brains behind this Facebook Messenger malware may already be making a ton of money as it is. Not only that, they are getting access to a lot of FB accounts, too. Unfortunately, there\u2019s little information about this shady campaign and those behind it.<\/p>\n\n\n\n
In the light of such alarming news, a Facebook spokesperson issued this statement: \u201cWe maintain a number of automated systems to help stop harmful links and files from appearing on Facebook.\u201d<\/p>\n\n\n\n