Severity scale:  
  (99/100)

Messenger virus. A new threat for Facebook users. (September 2020 update)

removal by Lucia Danes - -   Also known as Messenger virus | Type: Malware

Messenger virus – a threat that can infect your device with malware and take over your Facebook account

Facebook Messenger scamMessenger virus is a cyber infection that can relate to data theft

Facebook Messenger virus is a computer infection that is spread via this popular social media platform. The phishing campaign typically relies on previously compromised Facebook accounts – victims then receive messages from somebody on their friend list. Believing the message can be trusted, they click on a suspicious link or download a  booby-trapped file that executes the Messenger virus on the computer. Typically, such phishing messages are sent out in particular time intervals (once or twice a day).

The so-called Facebook Messenger video virus usually delivers a link, e.g., play_74841038.mp4.com, video_12855.bz, or a shortened bit.ly link, as well as a short message designed to capture victims' attention: “Is that you?” or “XXX video.” The embedded icon often represents the YouTube logo, so users have even less suspicious when clicking the link.

Questions about Facebook Message virus

Facebook Messenger virus is one of many different versions of Facebook virus and can represent a wide variety of malware, including cryptominers,[1] data-stealers, trojans (such as FormBook trojan) and other infections. It has been infecting users since at least 2013, although the new campaigns, using ever-shifting messages and phishing tactics, keep coming back regularly. Without a doubt, Facebook Messenger virus 2020 brings users just as much trouble as before, despite the tech giant attempting to reduce the number of infected victims by implementing new security features, such as two-factor authentication.

Name Facebook Messenger virus
Type Facebook virus
Category Malware; scam; spam
Active since 2013
Increased activity
  • October 27, 2017
  • August 25, 2017
  • April 10, 2018
  • December 5, 2018
  • June 20, 2019
  • July 27, 2020
  • September 2020
Symptoms Delivers questionable content, redirects, fake direct messages or notifications, malicious downloads, hyperlinks
Main danger Infects the system with other malware, exposes to malicious content and steals sensitive information (login credentials, financial data, etc.)
Distribution Messages with hyperlinks sent from compromised accounts
Avoidance tips

Creating complex passwords that conclude from at least 12 alphanumeric characters. Avoid clicking hyperlinks in suspicious messages. 

Removal Facebook Messenger virus removal depends on what type of infection threat actors were trying to spread. Nevertheless, most of the malware can be terminated with reputable anti-virus software like SpyHunter 5Combo Cleaner or Malwarebytes
Damage fix Trojans and worms can infect computer system files, which anti-virus cannot remediate. As a result, Windows might start crashing or returning multiple errors after malware is removed. To fix virus damage, scan your machine with PC repair tool ReimageIntego

Although Messenger virus has been doing the rounds of Facebook for years, it seems that it's on the rise again. Recently, the National Agency for Computer Security[2] and numerous other organizations[3] alerted Internet users about new cases of a Messenger virus and urged them to delete any suspicious messages immediately.

To answer the question, “can you get a virus through Facebook Messenger,” the short answer is yes. In some cases, this might result in a total Facebook account takeover and identity theft. However, it is also important to note that the infection can occur only if you interact with the message somehow, for example, click on the embedded link, download attachments or enter your login credentials on a spoofed website.

Main features you must know about Facebook Messenger virus

Social engineering ranges from complex and thought-out schemes to simple short messages. Both can be equally effective, and cybercriminals are well aware of that. It is also important to note that the Facebook platform was not accidentally picked up to spread the Facebook Messenger virus around – over 2.7 billion accounts were created so far, making it the biggest social media network worldwide.[4]

Facebook Messenger virus uses the chat platform to proliferate the infection. There are many ways how cybercriminals implement this technique – they simply make users believe that the link or a file attachment is legitimate since they are sent from somebody that they already know.

The latest Facebook Messenger virus contains the following details:

  • a profile picture
  • the name of the recipient
  • an active link
  • emoji

German cybersecurity experts[5] have expressed their concern over an active Facebook Messenger scam that is featuring video.bz link and the name of the potential victim, e.g. “[name of the recipient] Video :o”. Experts warn that this type of links can redirect to a site requiring to reconnect to Facebook. That's a catch to extort people's Facebook login details and, therefore, take over the account. 

With the purpose to hack victims' Facebook accounts, hackers also attack people via messenger window. They display a fake popup message from an individual who seems to be the victim's friend and show a link to some website.[6] If you click on this link, you will likely get redirected to a fake copy of Youtube or some other site which will suggest installing a browser add-on or software in order to view the content. If the victim agrees, the PC gets infected with malware, which additionally blocks security software in order to prevent its elimination.

The virus can also start sending a fake message to the victim’s contacts via the same Facebook chat windows. Please, ignore all suspicious messages that come to your inbox. Even more, contact the sender and ask about the picture or video if the messenger sent an attachment spam to you.

Facebook Messenger threatFacebook Messenger virus is an infection that can affect the user's privacy and computer stability

In 2016, French[7] computer users were attacked by A Facebook Messenger Trojan named “Eko”[8] that can spy on users and collect personally identifiable information. The same year English-speaking computer users suffered from the wave of messenger spam spreading a Facebook video virus. There were two examples of messages asking: “You are in this video? ” and “This is your video? .”

In 2017 a variant of Locky ransomware had been distributed with the help of Messenger too.[9] Criminals send a message with a picture in SVG format. Once people clicked on it, they were redirected to a website that asked to install the fake Chrome extension.[10] Installation of this application leads to the infiltration of a dangerous file-encrypting virus.

Another thing, which is usually done by Facebook Messenger virus, is the continuous distribution of itself via the victim’s social media account. You may ask why scammers create such viruses. It has been revealed that the virus helps to steal personal information, such as logins, banking data, and passwords, and controls the machine.

Facebook Messenger virus continued the work of previous variants in 2017. Victims receive a fake YouTube link from their contacts.[11] Once a person clicks on it, the virus redirects to a fake website that looks identical to Facebook. Here people are asked to enter their login details. As a result victim’s account is taken over by the hackers and the malicious message is forwarded to the whole victim’s contact list.

However, if you clicked on a malicious link already, you should remove Facebook Message virus immediately and change your account’s password. If you cannot set a new password, you should report about hacked account Facebook via Support Centre. What is more, you should also change passwords of other accounts, especially if you use the same one.

For Facebook Message removal, we suggest using SpyHunter 5Combo Cleaner or Malwarebytes. ReimageIntego can be used further to find corrupted system components and eliminate all errors on the system.

Facebook Messenger virus

April 10, 2018. Facebook Messenger virus emerges in a new form

The Facebook Messenger virus starts using the message made like that: “its you? (target's name) :|”. The deceptive messages contain a link to a video on a phishing web page. If the victim clicks on the link, s/he visits the malicious domain and then receives a notification asking to install “required software” to watch the video.

In case the victim fails to identify a scam and installs the suggested application or update, his computer gets entirely compromised, and the Facebook account gets hacked to send messages with the malicious video link to all of the victim's friends.

If you noticed Facebook Messenger video virus affecting one of your friends, do not ignore it! Let them know and suggest them to scan their computers to detect the malware. Also, consider advising them to post a message on their wall, asking people not to open the video. Spreading knowledge is the only way to put an end to Facebook scams and viruses that promote them.

New wave noticed on December 5, 2018

A new wave of the malicious virus was spotted on December 5, 2018. This time, the scammers are distributing shortened bit.ly link with a short note “[name of the recipient] Video.” Once clicked, the link redirects the victim to a Google Doc page, which contains a picture that was automatically taken from victim's social media page.

The picture looks like a movie, so the victim will likely click on the play button to start it. Sadly, the virus then redirects the victim to websites that determine the victim's browser type, geolocation, and other details.

Depending on the operating system, another redirect occurs. Experts report that Firefox users get redirected to a site offering fake Flash Player update, while Chrome users receive a prompt to install a malicious extension. People using Safari on Mac will receive a suggestion to install “the latest version of Media Player.”

After installing the malware, the user's account could get compromised and start sending the virus link to all friends automatically. However, it is yet unclear how exactly the virus spreads. The attackers might be using clickjacking attacks or spying software to steal victims' login details.

June 20, 2019. Security researchers report about new strings of the virus

Tunisian and German users are among the first ones to be alerted by authorities about the proliferation of Facebook Messenger virus. The report of the National Agency for Computer Security has been publicized yesterday addressing Tunisian netizens to be careful with Facebook Messages sent from a friend, which contains your name and a link to YouTube-looking video. 

At the same time, the German cybersecurity team, along with dieviren.de experts, reported the same problem on the German users' Facebook accounts. People should beware of catchy looking messages on Facebook Messenger from a friend, which contain the name, emoji, and a supposed-to-be link to YouTube video.

Such fake messages are used by hackers to redirect people to phishing websites and trick them into giving away their Facebook login name and password or downloading malicious programs disguised under fake Java, Flash Player updates, or other software.

International Financial Corporation Grant scam threatens users is 2020

While many online scams are revolving around Facebook Messenger work in a very similar pattern, malicious actors keep coming up with new ideas on how to implement them in a more efficient way.

Facebook Messenger virus is usually downloaded when users receive a brief message with no (or barely a few) words to spark the curiosity of the target. If not taking precautions, users can be immediately infected with malware, and not even realize that the occurrence took place in the first place, as many infections are known to be extremely stealthy and perform operations in the background.

Financial Grand scamFinancial Grand scam seeks to make you pay unsolicited money transfer fees

In early 2020, Facebook users were once again under attack, although this time, they were engaging in what it seems like a real conversation (whether a bot or not, the messages seem real). Just like previous times, users were receiving the Messenger scam message from seemingly somebody from a friend list – which means that the account of the person has been hacked before.

First, the users are asked how they are doing, and right after they presented with a rather interesting claim:[12]

Good, thanks. In fact, really good. Did you hear about the money I received from the International Financial Corporation Grant? You should apply, too, as they’re granting a lot of money before the end of their fiscal year end, coming up. Let me send you a link about it

Those who will proceed with the provided link will be redirected to a spoofing site, which will ask to provide personal information. Later on, a quick message will arrive, claiming that the grant of $80,000 has been approved, and all users have to do is transfer a “small” fee of $1,200 (can vary) into a particular account.

Without a doubt, if you encounter such a message, never click on a link and enter your personal details, as you might be infected malware or have your identity stolen by the International Financial Corporation Grant scam.

What to do when you get a suspicious message

You should remember that there is no way to get the Facebook Messenger virus on the computer randomly. This is the threat that gets spread around when malicious actors use some software development tools, promotional content, and misleading, deceptive messages to spread around on the social media platform. 

When there are riots or different themed-news surfacing around the web, many people believe every word they see on the internet, especially when the message is sent from the familiar person on the social media or text messaging application. Dodgy messages, spam, fraudulent emails, or scams – the content that we all receive on a daily basis. 

When many of users are stuck to their devices, it is hard t tell if you are being tricked into accessing something dangerous or not. This virus is a malicious social media campaign, so it is used to extort money or personal details from you and your friends.

The chain message uses various deceptive texts like “is that You“, so you would click on the link that leads to malicious material. You should never click on anything even a little bit suspicious even when you are curious. There are many chances that you will infect the machine with more vicious malware than this Messenger scam, so your account gets hacked and your friends receive the same message.

The first thing you need to do is to ignore any suspicious messages and delete the conversation, message, notification completely. this is how you can prevent the message from repeating because you may click it later on without thinking twice. You can install protective AV tools on the mobile device you use, so the Facebook Messenger threat or possible risk is avoided. Use the relevant app store and be sure to use proper tools for ensuring security.

The compromised accounts spread malware via Facebook Messenger

The virus can easily infect your computer with the help of an infected message that shows up on person-to-person chat. Typically, it offers to see a “shocking picture” or “exciting video.” Many users of this social network have been tricked by this scheme because this message looks like it was sent by one of the victim’s contacts.

Once a person clicks on the infected link, the virus enters the system. What is more, the same message is usually spread further to the victim’s contact list and tricking other users. Therefore, it’s a chain reaction that is nearly impossible to stop.

We want to remind you that the only way to protect your PC, Facebook account, and personal details are not to click suspicious links sent from your friends, colleagues, or family members. If you suspect that the content of the message seems suspicious, you should ask your friend if this link or file is safe to open.

Keep in mind that cybercriminals tend to reply to victims. However, if you know the person, it won’t be hard to identify that you are talking with a different person. Otherwise, you should ask yourself if a person you haven’t spoken in years actually wants to share a video or picture with you. Most likely not.

Messenger virusMessenger virus is a malicious strategy that can trick you into installing malware

Remove Facebook Messenger virus and protect your privacy

Nevertheless, virus on Facebook seems like spam; you should still check your computer’s state. Scanning a computer with an anti-malware program is especially recommended if you have clicked on a suspicious link or downloaded unknown content.

In order to remove Facebook Messenger virus, we suggest scanning the computer with SpyHunter 5Combo Cleaner or Malwarebytes. You can use ReimageIntego after the first removal stage to ensure that there is no virus damage left. However, you should not forget to update your preferred program.

Another important Facebook Messenger virus removal step is to change your password. If hackers took over your account, they might get credentials to email, bank, and other accounts. Thus, in order to protect your privacy, you should set a strong password. Keep in mind that good password:

  • is at least 12 characters long;
  • has numbers;
  • has the capital and lower-case letters;
  • has symbols (if allowed);
  • does not have your name, surname and other personal information included;
  • is not a dictionary word.
Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Protect your privacy – employ a VPN

There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals. 

No backups? No problem. Use a data recovery tool

If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References
Removal guides in other languages