Facebook virus/malware attack 2017
There are literally a dozen ways in which a cyber-crime can be committed, and sometimes the most famous platforms on the internet are used as tools for such crimes. The Facebook virus/malware attack is one fine example. Yes, Facebook, you read it right: last year, in Aug 2017, cyber criminals used the Facebook Messenger service to spread a virus/malware among its users for their own greedy purpose.
This incident was reported by David Jacoby, a senior security researcher at Kaspersky Lab.
Jacoby wrote in a blog post that the code behind this virus/malware campaign was “advanced and obfuscated”, or, in simpler terms, that the code was so powerful at that point in time that it was virtually impossible to track its origin and chain of command.
How was this virus/malware spread?
The victim received a message from one of his/her Facebook friends, reading “<victim's friend's name> video” followed by a bit.ly link, as shown in the image below:
As soon as the victim clicked the link, he/she was redirected to a Google Doc that displayed a dynamically generated video thumbnail, which looked like a playable movie, from the photo/video gallery of the victim's Facebook friend.
After the victim clicked on the fake video image, the virus/malware code came into play and redirected the victim to a set of websites depending on the operating system and browser installed on the victim’s machine.
For example, if the victim used Mozilla Firefox on Windows, he/she was redirected to a website that showed a fake Flash Player update notice, forcing him/her to download malicious software, as shown in the image below.
If the victim used Google Chrome, he/she was redirected to a website that looked similar to YouTube and displayed a fake error message, forcing the victim to download a malicious Chrome extension.
Similarly, if the victim was a macOS or Linux user, he/she was redirected to other customized websites, from which he/she was forced to download and install malicious software.
The aim of the attackers behind this campaign was not to infect users with a banking Trojan or exploit kits, but to install adware on the victim’s machine and make a lot of money by generating revenue from ads.
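The chain described above (a bit.ly link, then a Google Doc lure, then a download) can be hunted for in web proxy logs. The following is an added example, not code from the original post or from Kaspersky Lab; the log format, the example.test host names, the 120-second window and the file-extension list are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log lines (timestamp, client IP, URL); not real traffic.
SAMPLE_LOG = """\
2017-08-24T10:00:01 10.0.0.5 https://bit.ly/EXAMPLE1
2017-08-24T10:00:03 10.0.0.5 https://docs.google.com/document/d/EXAMPLE1/view
2017-08-24T10:00:09 10.0.0.5 http://updates.example.test/flashplayer_update.exe
2017-08-24T10:05:00 10.0.0.7 https://docs.google.com/document/d/REPORT/edit
2017-08-24T10:05:30 10.0.0.7 https://vendor.example.test/tool.exe
2017-08-24T11:00:00 10.0.0.9 https://bit.ly/EXAMPLE2
2017-08-24T11:00:02 10.0.0.9 https://docs.google.com/document/d/EXAMPLE2/view
2017-08-24T11:00:07 10.0.0.9 http://video.example.test/ext/player.crx
"""

WINDOW = timedelta(seconds=120)       # assumed maximum duration of one chain
SHORTENERS = {"bit.ly"}               # shortener named in the article
LURE_HOSTS = {"docs.google.com"}      # where the fake video thumbnail was hosted
DOWNLOAD_EXT = (".exe", ".msi", ".dmg", ".pkg", ".deb", ".crx")  # assumed list

def find_chains(log_text):
    """Return (client, shortener_url, download_url) for each completed chain."""
    state = {}    # client -> (stage, time of shortener click, shortener URL)
    alerts = []
    for line in log_text.strip().splitlines():
        ts_raw, client, url = line.split()
        ts, parsed = datetime.fromisoformat(ts_raw), urlparse(url)
        host, path = parsed.hostname or "", parsed.path.lower()
        stage, started, short_url = state.get(client, (0, None, None))
        if stage and ts - started > WINDOW:
            stage = 0                                   # chain went stale
        if host in SHORTENERS:
            state[client] = (1, ts, url)                # step 1: shortened link
        elif stage == 1 and host in LURE_HOSTS:
            state[client] = (2, started, short_url)     # step 2: Google Doc lure
        elif stage == 2 and host not in LURE_HOSTS and path.endswith(DOWNLOAD_EXT):
            alerts.append((client, short_url, url))     # step 3: installer/extension
            state.pop(client, None)
        elif stage == 0:
            state.pop(client, None)                     # forget stale or absent chains
    return alerts

if __name__ == "__main__":
    for alert in find_chains(SAMPLE_LOG):
        print("possible lure chain:", alert)
```

Client 10.0.0.7 is not flagged because its Google Docs visit did not start from a shortened link; ordinary downloads that follow normal document use stay out of the results.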
Spam campaigns on Facebook are quite common. A few years ago, researchers found cyber criminals using booby-trapped .JPG image files to hide their malware in order to infect Facebook users with variants of the Locky ransomware, which encrypts all files on the infected PC until a ransom is paid.
To keep yourself safe, you are advised not to get curious about images or video links sent by anyone, even your friend, without verifying them with the sender, and to always keep your antivirus software up to date.