Messenger virus. A new threat for Facebook users. (June 2019)

Messenger virus — a malicious strategy used to infect devices via Facebook attachment spam

Messenger virus is a cyber infection that can relate to data theft

Facebook Messenger virus is a term used by users and security experts to describe a technique seeking to hijack the targeted Facebook account and send malicious links on behalf of the account's user. Attachment spam is generated on a particular schedule (once or twice a day) and distributed to all of the victim's friends automatically. The malicious virus mostly works as a Trojan horse or cryptominer^[1] and belongs to the wide group of the Facebook virus. The virus has been active since 2013 and updated several times since then because of the increased activity.

Questions about Facebook Message virus

• I have a hacker in my messenger account  11/08/19 1
• Infected by Facebook messenger spam  25/06/19 1
• How do I get rid of Facebook messenger virus?  30/01/19 1
• How to remove a video that’s going viral on Facebook messenger?  25/01/19 1
• I have a virus on my Messenger in my Facebook account  14/05/18 1

The operation principle: the infected Facebook Message delivers a shortened link, e.g. video.bz or video_12345.bz, and an intriguing phrase, e.g. is that you?, including the name of the recipient and a couple of emojis. The embedded link seems to be leading to a YouTube or video link. Once clicked, the malicious URL redirects to a phishing website filled with installers of the dangerous browser extension, fake Flash Player Updates, and similar content. 

Although Messenger virus has been doing the rounds of Facebook for years, it seems that it's on the rise again. Recently, the National Agency for Computer Security^[2] and numerous other organizations^[3] alerted Internet users against the new wave of a Facebook virus and urged them to delete any suspicious messages immediately. 

Main features you must know about Facebook Messenger virus

The latest Facebook Messenger virus contains the following details:

• a profile picture
• the name of the recipient
• an active link
• emoji

German cybersecurity experts^[4] have expressed their concern over an active Facebook Messenger scam that is featuring video.bz link and the name of the potential victim, e.g. “[name of the recipient] Video :o”. Experts warn that this type of links can redirect to a site requiring to reconnect to Facebook. That's a catch to extort people's Facebook login details and, therefore, take over the account. 

With the purpose to hack victims' Facebook accounts, hackers also attack people via messenger window. They display a fake popup message from an individual who seems to be the victim's friend and show a link to some website.^[5] If you click on this link, you will likely get redirected to a fake copy of Youtube or some other site which will suggest installing a browser add-on or software in order to view the content. If the victim agrees, the PC gets infected with malware, which additionally blocks security software in order to prevent its elimination.

The virus can also start sending the fake message to the victim’s contacts via the same Facebook chat windows. Please, ignore all suspicious messages that come to your inbox. Even more, contact the sender and ask about the picture or video if the messenger sent an attachment spam to you.

Facebook Messenger virus is an infection that can affect the user's privacy and computer stability

In 2016, French^[6] computer users were attacked by A Facebook Messenger Trojan named “Eko”^[7] that can spy on users and collect personally identifiable information. The same year English-speaking computer users suffered from the wave of messenger spam spreading a video virus. There were two examples of messages asking: “You are in this video? ” and “This is your video? .”

In 2017 a variant of Locky ransomware had been distributed with the help of Messenger too.^[8] Criminals send a message with a picture in SVG format. Once people clicked on it, they were redirected to a website that asked to install the fake Chrome extension.^[9] Installation of this application leads to the infiltration of a dangerous file-encrypting virus.

Another thing, which is usually done by Facebook Messenger virus, is the continuous distribution of itself via the victim’s social media account. You may ask why scammers create such viruses. It has been revealed that the virus helps to steal personal information, such as logins, banking data, and passwords, and controls the machine.

Facebook Messenger virus continued the work of previous variants in 2017. Victims receive a fake YouTube link from their contacts.^[10] Once a person clicks on it, the virus redirects to a fake website that looks identical to Facebook. Here people are asked to enter their login details. As a result victim’s account is taken over by the hackers and the malicious message is forwarded to the whole victim’s contact list.

Facebook Messenger virus is a scam that might convince users to enter infectious hyperlinks

However, if you clicked on a malicious link already, you should remove Facebook Message virus immediately and change your account’s password. If you cannot set a new password, you should report about hacked account Facebook via Support Centre. What is more, you should also change passwords of other accounts, especially if you use the same one.

For Facebook Message removal, we suggest using SpyHunter 5Combo Cleaner or Malwarebytes. Reimage Reimage Cleaner can be used further to find corrupted system components and eliminate all errors on the system.

April 10, 2018. Facebook Messenger virus emerges in a new form

The Facebook Messenger virus starts using the message made like that: “its you? (target's name) :|”. The deceptive messages contain a link to a video on a phishing web page. If the victim clicks on the link, s/he visits the malicious domain and then receives a notification asking to install “required software” to watch the video.

In case the victim fails to identify a scam and installs the suggested application or update, his computer gets entirely compromised, and the Facebook account gets hacked to send messages with the malicious video link to all of the victim's friends.

If you noticed Facebook Messenger video virus affecting one of your friends, do not ignore it! Let them know and suggest them to scan their computers to detect the malware. Also, consider advising them to post a message on their wall, asking people not to open the video. Spreading knowledge is the only way to put an end to Facebook scams and viruses that promote them.

New wave noticed on December 5, 2018

A new wave of the malicious virus was spotted on December 5, 2018. This time, the scammers are distributing shortened bit.ly link with a short note “[name of the recipient] Video.” Once clicked, the link redirects the victim to a Google Doc page, which contains a picture that was automatically taken from victim's social media page.

The picture looks like a movie, so the victim will likely click on the play button to start it. Sadly, the virus then redirects the victim to websites that determine the victim's browser type, geolocation, and other details.

Depending on the operating system, another redirect occurs. Experts report that Firefox users get redirected to a site offering fake Flash Player update, while Chrome users receive a prompt to install a malicious extension. People using Safari on Mac will receive a suggestion to install “the latest version of Media Player.”

After installing the malware, the user's account could get compromised and start sending the virus link to all friends automatically. However, it is yet unclear how exactly the virus spreads. The attackers might be using clickjacking attacks or spying software to steal victims' login details.

June 20, 2019. Security researchers report about new strings of the virus

Tunisian and German users are among the first ones to be alerted by authorities about a proliferation of Facebook Messenger virus. The report of National Agency for Computer Security has been publicized yesterday addressing Tunisian netizens to be careful with Facebook Messages sent from a friend, which contain your name and a link to YouTube-looking video. 

At the same time, German cybersecurity team, along with dieviren.de experts, reported the same problem on the German users' Facebook accounts. People should beware of catchy looking messages on Facebook Messenger from a friend, which contain the name, emoji, and a supposed-to-be link to YouTube video.

Such fake messages are used by hackers to redirect people to phishing websites and trick them into giving away their Facebook login name and password or downloading malicious programs disguised under fake Java, Flash Player updates or other software. 

The compromised accounts spread malware via Facebook Messenger

The virus can easily infect your computer with the help of infected message that shows up on person-to-person chat. Typically, it offers to see a “shocking picture” or “exciting video.” Many users of this social network have been tricked by this scheme because this message looks like it was sent by one of the victim’s contacts.

Once a person clicks on the infected link, the virus enters the system. What is more, the same message is usually spread further to the victim’s contact list and tricking other users. Therefore, it’s a chain reaction that is nearly impossible to stop.

We want to remind that the only way to protect your PC, Facebook account and personal details are not to click suspicious links sent from your friends, colleagues or family members. If you suspect that the content of the message seems suspicious, you should ask your friend if this link or file is safe to open.

Keep in mind that cybercriminals tend to reply to victims. However, if you know the person, it won’t be hard to identify that you are talking with a different person. Otherwise, you should ask yourself if a person you haven’t spoken in years actually wants to share a video or picture with you. Most likely not.

Remove Facebook Messenger virus and protect your privacy

Nevertheless, virus on Facebook seems like spam; you should still check your computer’s state. Scanning computer with an anti-malware program is especially recommended if you have clicked on a suspicious link or downloaded unknown content.

In order to remove Facebook Messenger virus, we suggest scanning the computer with SpyHunter 5Combo Cleaner or Malwarebytes. You can use Reimage Reimage Cleaner after the first removal stage to ensure that there is no virus damage left. However, you should not forget to update your preferred program.

Another important Facebook Messenger virus removal step is to change your password. If hackers took over your account, they might get credentials to email, bank, and other accounts. Thus, in order to protect your privacy, you should set a strong password. Keep in mind that good password:

• is at least 12 characters long;
• has numbers;
• has capital and lower-case letters;
• has symbols (if allowed);
• does not have your name, surname and other personal information included;
• is not a dictionary word.

Reimage review | Terms of Use | Privacy policy | Refund Policy | Press | Uninstall guide Reimage review | Terms of Use | Privacy policy | Refund Policy | Press | Uninstall guide