Facebook video virus – a scam campaign tricking users into installing malware or questionable applications
Facebook video virus a group of fake video links that are being sent via Messenger or posted on News Feed.
Facebook video virus is the malware that infects systems with other malicious programs via malicious hyperlinks and content directly on a deceptive message. This campaign is related to Facebook virus and cannot be implemented without the fake messages containing videos and other content or even direct links and file attachments. Malware poses a serious danger because it can steal passwords, various credentials, and personal information. Beware that there are numerous Facebook scams that can lead to identity theft or loss of huge amounts of money.
Questions about Facebook video virus
Facebook video virus is a term used to describe a wide group of cyber infections spreading on the world’s largest social network. Various variations of the malware are known for a couple of years. However, in 2019, researchers reported about increased activity of:
- Private video Facebook virus
- Exclusive video Facebook virus
- Special Video Facebook virus
|Summary of the cyber threat|
|Name||Facebook video virus|
|Danger level||High. Might hack the Facebook account, steal credentials or identity, install malware on the computer or smartphone|
|Targeted OS||Windows, Mac OS X, iOS, Android|
|Affected browsers||Google Chrome, Mozilla Firefox, Safari|
|Distribution||Malicious links sent via Messenger or posted on the News Feed, fake browser extensions|
|Most popular versions||Private video Facebook virus, Exclusive video Facebook virus and Special video Facebook virus|
|Use Reimage for Facebook video virus removal and change your account’s password immediately|
Despite several differences, all version of this cyber threat spread as a fake video link via Messenger or on the News Feed. Once clicked, it redirects to a malicious site where victims are asked to install a specific plugin which leads to the hijacked account and continues sending the same message automatically on behalf of the victim.
This cyber threat is one of the versions of the Facebook virus and is closely related to Facebook Messenger virus because malicious video links are usually being spread via this communication app. However, Facebook video virus might post obfuscated links on the News Feed too.
Typically, the malicious link is followed by a short message that includes these words:
- My video
- My first video
- Private video
- Exclusive video
- Special video
Cybercriminals usually use spoofed links that trick users that received link are from YouTube or other popular websites. However, after being clicked, this link redirects its victim to a malicious website seeking to infect a device. Usually, this site asks to install some Google Chrome or Mozilla Firefox extension or update. Once they do that, the virus hijacks the Facebook account and spreads the same malicious message to the victim’s friend list.
Users are warned to be careful with received messages and do not open any malicious link. However, if you already did it, you should remove Facebook video virus ASAP. No matter that malware spreads on a social network, once you clicked the link or installed a particular plugin, malicious components might be installed to your device. Thus, you run a full system scan with Reimage or another security program.
Facebook video virus might affect all devices that run on Windows, Mac OS X, iOS, and Android operating systems. Thus, if you have clicked on a malicious link and installed some component, make sure you do not open your Facebook account using another device. If you did so, please check it with anti-malware software as well.
Facebook video virus is a cyber threat that aims to trick users into installing malicious extensions or programs to their devices.
2019. The recovery of “Special” and “Exclusive” video viruses
First detected in August 2017, Facebook special video virus came back in June 2019. This version of the virus spreads and acts similarly like other cyber threats that belong to this category. Users either receive a message from their Facebook contacts or get tagged in a post that includes a link to “Special” or “Exclusive” video. Some variations of this hoax include the victim’s name and emoji.
Originally, the virus mostly attacks users in English; however, Special Video Facebook virus “speaks” to the users with their own languages. Active distribution campaigns were reported in the Netherlands, Spain, Germany, Lithuania, and other European countries. When users click on the affected link, they are redirected to a malicious link which might redirect to different websites based on victim’s location, browser, and operating system or other details.
Mozilla Firefox users on both Mac and Windows operating systems are redirected to a website that asks to install Flash Player. However, instead of installing the program, users install adware or even malware to the PC. Safari users might be redirected to the malicious website that asks to download Flash Media Player download site. If Mac users click “Install” button, they download .dmg file directly to their computer, which is nothing else but adware.
Facebook video virus might also post malicious links on the News Feed.
Meanwhile, Chrome users are redirected to fake YouTube website that requires installing a malicious extension called “GitHub Real Names,” “Dictionario” and others. According to the recent data, this extension works as an adware and tries to collect user’s Facebook account information. When users install this malicious add-on, the virus hacks the account spread the same video message to all his or her contact list.
Researchers reported that Exclusive Video Facebook virus is actively spreading in Argentina. The virus posts a compromised video link on Facebook News Feed on behalf of the hacked account and tags a dozen of people in the post.
The malicious link has a title “Exclusive Video” or “Special Video” and the picture of the victim. The link behind the post seems to redirect to storage.googleapis.com or a similar site, but in reality, it tricks users into visiting a compromised site. It looks similar to YouTube but asks to install Google Chrome extension in order to see the video. However, instead of installing a needed plugin, people download data-stealing malware that also floods the affected browser with ads.
Therefore, it’s crucial to get rid of Facebook video virus immediately and change your passwords. We have provided instructions on how to uninstall malicious Chrome or Firefox extensions at the end of the article. It is reported that these nasty extensions cannot be deleted that easily.
Facebook video virus often delivers shocking or explicit video links.
Some versions of Facebook video virus lead to the fake Ace Stream Web extension
One of the firsts versions of Facebook video virus spread on the News Feed (former Timeline). It automatically shares new posts that are titled as “My private video,” “My first video,” or “Private video.” Virus tags about 20 friends in the post, attempting to draw other Facebook users’ attention.
Although some researchers claim that all you need to do is to remove suspicious browser extensions from the web browser, such explanation is not precise enough. In fact, we have discovered that Facebook video malware shuts down the open browser tabs and opens a new window when the victim attempts to open “Extensions” settings.
Obviously, this virus tries to prevent the user from deleting the malicious browser extension. We have discovered that the browser extension related to this virus was Ace Stream Web Extension. However, before you can remove this extension, you have to find and eliminate components related to this extension from your computer system. First of all, we recommend you to open Windows Task Manager (Control+Alt+Delete) and review all suspicious processes on the computer.
The computer that we have tested had an ace_engine.exe process running on it, which appeared to be responsible for browser’s malfunction when trying to access the “Extensions” panel. However, that is not the end; we have also discovered that there was Ace Stream Media 3.1.0 installed on the system, which was also related to Facebook video virus.
After uninstalling this program and ending ace_engine.exe process, you can finally access browser settings and delete Ace Stream Web Extension from the Extensions section. We must say that this virus can be related to other programs and browser extensions since the official version of Ace Stream is NOT a malicious program.
Cyber criminals often tend to corrupt legitimate programs by adding malicious components to them and spread them on the Internet. We also recommend you to review and delete all suspicious FB applications that you have recently given permissions to access your Facebook account.
Facebook video virus sends a link that redirects to a compromised website that asks to install a specific browser extension.
Spoofed links are actively used to generate Facebook users' clicks
In October 2017, security researcher Barak Tawily discovered a flaw that allows attackers spoofing links. Facebook always scans the shared link and looks for the Open Graph meta tags that allow showing the title of the link, description, image, and URL. For this reason, Facebook checks “og:url,” “og:image” and “og:title” tags and displays previously mentioned entries.
The problem might occur when attackers decide to replace one of these components even though pages do not have editing feature since the July 2017, when it was banned to reduce the amount of fake news and scams. However, the detected flaw still allows modifications. The issue is that Facebook does not check if the link in “og:url” tag actually redirects to the particular website. Therefore, scammers can enter whatever domain they want and hide it under YouTube's or other popular video streaming website's name.
It didn't take long for the social media giant to disable this feature. However, cybercriminals are continuously working on new techniques to bypass Facebook's security and spread malicious content. Therefore, it's important to be cautious when using this social network and does not rush clicking any links.
Facebook video virus usually includes target's name in the message.
Tips to avoid Facebook video virus
The virus spreads so quickly because the majority of Facebook users fail to identify these posts and messages as deceptive and malicious content. You should NEVER click on posts or links that your friends send to you if you have even the slightest suspicion that your friend would not share such content on Facebook.
Unfortunately, many computer users click on such content EXACTLY because they cannot believe that their friend has shared such post. Unfortunately, clicking on these malicious video links downloads malware into the computer that takes control over the victim’s Facebook account.
- To avoid Facebook video virus infiltration, you should not click on suspicious posts or links sent by your friends. If such content raises your suspicion, ask your friend whether he/she shared it by their choice.
- Another thing you should know is that videos shared on this social network (no matter if they are uploaded directly to the site or if they are shared via Youtube) play after you click on them. If after clicking on a video you are redirected to some suspicious website that asks you to provide permission to access your Facebook timeline or to download an application to your computer, most likely that Facebook post contained a malicious link.
- You may also install a virus along with other free programs. We strongly recommend you to avoid downloading software from questionable file sharing websites, because you risk downloading a bundled software. Bundled software is basically a pack of programs, which includes one main program and several optional downloads that can be installed alongside the main program. These optional downloads usually appear to be dangerous applications, so it is advisable to opt them out. You can do that via Advanced/Custom installation settings.
Facebook video virus removal guide
To remove the Facebook video virus completely, you have to employ professional security software, such as Reimage or SpyHunterCombo Cleaner. Malware might install or trick you into installing malicious files, browser extensions or fake plugins to the computer and web browsers. Manual detection and elimination of these components might be complicated because the virus might block access to browser extensions or reinstall itself once you access your Facebook account.
However, if you are still willing to remove the virus manually, you have to delete all suspicious components from the computer and web browsers. You should also reset the browsers in order to make sure that all malicious components were uninstalled entirely.
After Facebook video virus removal, you must reset the Facebook password. Besides, you should also change the passwords of other accounts. The malware is capable of tracking user's login data, so cybercriminals may have gotten access to other accounts as well.