Link spoofing allows the Facebook video virus to spread
The Facebook video virus is a version of the Facebook virus that is designed to send a malicious video link via Messenger. When a user's account is compromised, he or she starts sending automatic messages asking other people to see the video link. This cyber threat has been known for a couple of years and has different versions.
In August 2017, computer users reported a new wave of the Facebook virus whose messages include the victim’s name, the word “video,” an emoji and a link, for instance, “David video [emoji] [short-link].” This version of the virus spreads worldwide and addresses users in their own language.
In October, researchers spotted that scammers might take advantage of a flaw in the social network that allows spoofing links in order to trick users into believing that a received link is from YouTube or another popular website. However, it actually redirects to a malicious website.
The virus is closely associated with the Facebook Messenger virus, which tends to send out malicious video links to all of the victim's friends and ask them to open a dangerous file. Once they do that, they might be asked to install a malicious plugin or update. If the victim agrees to do it, the virus might infiltrate the device, hijack the Facebook account and spread the same malicious message to the victim’s friend list.
Users are warned to be careful with received messages and not to open any malicious link. However, if you have already done so, you should remove the Facebook video virus ASAP. Even though the malware spreads on a social network, once you have clicked the link or installed a particular plugin, malicious components might be installed on your device. Thus, you should run a full system scan with Reimage or another security program.
Spoofed links help to spread the Facebook video virus
In October 2017, security researcher Barak Tawily discovered a flaw that allows attackers to spoof links. Facebook always scans a shared link and looks for the Open Graph meta tags that allow it to show the title of the link, description, image, and URL. For this reason, Facebook checks the “og:url,” “og:image” and “og:title” tags and displays the entries mentioned above.
The problem might occur when attackers decide to replace one of these components. Pages have not had the editing feature since July 2017, when it was banned in order to reduce the amount of fake news and scams; however, the detected flaw still allows modifications. The issue is that Facebook does not check whether the link in the “og:url” tag actually redirects to that particular website.
Therefore, scammers can enter whatever domain they want and hide it under the name of YouTube or another popular video streaming website.
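The mismatch described above can be checked on the receiving side by comparing the host that actually served a page with the host advertised in its “og:url” tag. The following is an added example, not code from the researcher or from Facebook; the function names, the placeholder domain video-landing.example and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class OpenGraphParser(HTMLParser):
    """Collect <meta property="og:*" content="..."> tags from a page."""

    def __init__(self):
        super().__init__()
        self.tags = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attrs = dict(attrs)
        prop = (attrs.get("property") or "").lower()
        if prop.startswith("og:") and attrs.get("content"):
            # Keep the first occurrence of each property.
            self.tags.setdefault(prop, attrs["content"].strip())

def site_of(url):
    """Lower-cased host with a leading 'www.' removed; '' if there is none."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_preview(fetched_url, html):
    """Compare the host that served the page with the host claimed in og:url."""
    parser = OpenGraphParser()
    parser.feed(html)
    claimed = parser.tags.get("og:url")
    actual_host = site_of(fetched_url)
    claimed_host = site_of(claimed) if claimed else ""
    return {
        "title": parser.tags.get("og:title"),
        "actual_host": actual_host,
        "claimed_host": claimed_host,
        # Flag only when og:url is present and names a different site.
        "spoofed": bool(claimed) and claimed_host != actual_host,
    }

# Constructed sample (not from the page): a placeholder domain claiming YouTube.
SAMPLE_URL = "http://video-landing.example/watch"
SAMPLE_HTML = """<html><head>
<meta property="og:title" content="Private video">
<meta property="og:url" content="https://www.youtube.com/watch?v=PLACEHOLDER">
<meta property="og:image" content="http://video-landing.example/thumb.jpg">
</head><body></body></html>"""
```

Pass the final URL after any redirects as `fetched_url`, since the comparison is only meaningful against the host that actually delivered the HTML.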
The issue was reported to Facebook, but the company declined to treat it as a problem. According to the social giant, its “Linkshim” system works perfectly to block malicious links from appearing on Facebook. However, security experts have doubts about that. For this reason, users are advised to be careful and not to rush into opening any video links that appear on their timeline or in Messenger.
Update August 2017: Facebook video virus spread via Google Chrome extensions
The new wave of spam hit Facebook users in August. This version of the virus spreads similarly to the previous ones. Victims receive a message sent from one of their Facebook contacts. The malicious message includes a link, which is followed by the victim’s name, an emoji and the word “video.”
Previously, the Facebook video virus mostly addressed users in English; however, this time the malware “speaks” to users in their own languages. Active distribution campaigns were reported in the Netherlands, Spain, Germany, Lithuania, and other European countries.
When users click on the affected link, they are redirected to a malicious website. According to the latest research data, users might end up on different sites based on their location, browser, operating system or other details.
Mozilla Firefox users on both Mac and Windows operating systems are redirected to a website that asks them to install Flash Player. However, instead of installing the program, users install adware or even malware on the PC.
Safari users might be redirected to a malicious website that asks them to download Flash Media Player. If Mac users click the “Install” button, they download a .dmg file directly to their computer, which is nothing else but adware.
Meanwhile, Chrome users are redirected to a fake YouTube website that requires installing a malicious extension called “GitHub Real Names,” “Dictionario” and others. According to the recent data, this extension works as adware and tries to collect the user’s Facebook account information. When users install this malicious add-on, the virus hacks the account and spreads the same video message to the user's entire contact list.
The biggest problem is that this version of the Facebook video virus prevents users from accessing Chrome extensions. Sometimes the virus even closes the Chrome browser. In this case, stopping the virus might be hard.
First of all, victims are advised to reset Google Chrome settings by opening Chrome Settings > Advanced > Reset and clicking the “Reset” button. However, if that does not work and malicious messages continue to be sent to your Facebook contacts, you should uninstall Chrome from your device.
Besides, after a Facebook video virus attack, you should also report these messages to Facebook and change your account’s password. Setting new passwords for Gmail and other accounts is recommended too. The virus is known for tracking sensitive information, so you should take care of your privacy.
Facebook video virus might show up on your timeline too
Originally, the Facebook video virus automatically shared new posts titled “My private video,” “My first video,” or “Private video.” The virus tags about 20 friends in the post, attempting to draw other Facebook users’ attention. What is more, the Facebook video virus sends malicious links directly to the victim’s friends via private messages. It seems that this virus is unstoppable. The 2-spyware team has decided to take a closer look at this virus: we have investigated one computer that was infected with it and found out how it works.
The Facebook video virus is related to malware that monitors the victim’s web browser. Although some researchers claim that all you need to do is to remove suspicious browser extensions from the web browser, such an explanation is not precise enough. In fact, we have discovered that the Facebook video malware shuts down the open browser tabs and opens a new window when the victim attempts to open the “Extensions” settings.
Obviously, this virus tries to prevent the user from deleting the malicious browser extension. We have discovered that the browser extension related to this virus was Ace Stream Web Extension. However, before you can remove this extension, you have to find and eliminate the components related to it from your computer system. First of all, we recommend that you open Windows Task Manager (Control+Alt+Delete) and review all suspicious processes on the computer.
The computer that 2-spyware researchers tested had an ace_engine.exe process running on it, which appeared to be responsible for the browser’s malfunction when trying to access the “Extensions” panel. However, that is not the end; we have also discovered that Ace Stream Media 3.1.0 was installed on the system, which was also related to the Facebook video virus.
After uninstalling this program and ending the ace_engine.exe process, you can finally access the browser settings and delete Ace Stream Web Extension from the Extensions section. We must say that this virus can be related to other programs and browser extensions, since the official version of Ace Stream is NOT a malicious program.
Cyber criminals often corrupt legitimate programs by adding malicious components to them and then spread them on the Internet. We also recommend that you review and delete all suspicious FB applications that you have recently given permission to access your Facebook account.
We understand that these instructions might seem confusing. Besides, the video virus could be related to other dangerous programs, and that is why we recommend using powerful anti-malware software to remove the Facebook video virus from your computer.
Facebook users in North Wales suffered from a massive malware attack
Recently, cybersecurity experts received reports from people living in North Wales who claimed that a Facebook virus sends messages to their friends automatically. The message is part of a simple social engineering attack that sparks the victim's interest in clicking on the video link included in the suspicious message.
The Facebook Messenger Video virus compromises the victim's account and then targets people from that person's friend list. Before sending the message, the virus grabs the target's profile picture and generates a link that displays this profile picture as the preview image of the video. Clearly, such a trick triggers the victim's curiosity and lures him/her to click on the link. Who knows what kind of video it is?
When affected by such a simple social engineering trick, the victim tends to think about the worst case possible and starts thinking about all the videos he/she wouldn't want to go public. However, in reality, there is no video behind the link. The shady URL points the user to a phishing website that looks like YouTube. The only difference is that the genuine video sharing platform never asks to download suspicious files.
Once the victim lands on the phishing website, it asks to download and open a particular file. If the victim fails to identify the scam and follows the instructions, he/she gets infected, too. The virus then follows its usual routine and attacks new targets from the victim's friends list by sending them these fake video URLs.
Keep in mind that these files can be extremely dangerous and function as malware downloaders. Besides, they infringe on the victim's privacy and therefore should be avoided at all costs. In case the Facebook spam messages virus has already compromised your social network account, you must run a system scan with anti-malware software to delete it from your system.
Explanation of how the Facebook virus spreads
The “My private video” virus spreads so quickly because the majority of Facebook users fail to identify these posts and messages as deceptive and malicious content. You should NEVER click on posts or links that your friends send to you if you have even the slightest suspicion that your friend would not share such content on Facebook.
Unfortunately, many computer users click on such content EXACTLY because they cannot believe that their friend has shared such a post. Unfortunately, clicking on these malicious video links downloads malware onto the computer that takes control of the victim’s Facebook account.
- To avoid Facebook video virus infiltration, you should not click on suspicious posts or links sent by your friends. If such content raises your suspicion, ask your friend whether he/she shared it by choice.
- Another thing you should know is that videos shared on this social network (no matter if they are uploaded directly to the site or if they are shared via YouTube) play after you click on them. If, after clicking on a video, you are redirected to some suspicious website that asks you to provide permission to access your Facebook timeline or to download an application to your computer, that Facebook post most likely contained a malicious link.
- You may also install the Facebook video virus along with other free programs. We strongly recommend that you avoid downloading software from questionable file sharing websites, because you risk downloading bundled software. Bundled software is basically a pack of programs, which includes one main program and several optional downloads that can be installed alongside the main program. These optional downloads usually appear to be dangerous applications, so it is advisable to opt out of them. You can do that via the Advanced/Custom installation settings.
Instructions for Facebook video virus removal
To remove the Facebook video virus, you have to employ professional security software, such as Reimage, Plumbytes Anti-Malware or Webroot SecureAnywhere AntiVirus. Malware might install various malicious files on the computer and in web browsers. The worst part is that it might prevent users from removing these components manually. For this reason, you should employ security software.
However, if you are still willing to remove the virus manually, you have to delete all suspicious components from the computer and web browsers. You should also reset the browsers in order to make sure that all malicious components are uninstalled entirely.
The latter step is especially important if you were hit by the Chrome Facebook video virus: you should reset the browser in order to eliminate malicious extensions. Open Chrome Settings, go to Advanced > Reset and click the “Reset” button. However, if the Chrome reset does not work and the malicious messages continue spreading from your account, you have to uninstall the browser from your PC.
After Facebook video virus removal, you must reset your Facebook password. Besides, you should also change the passwords of other accounts. The malware is capable of tracking the user's login data, so cyber criminals may have gotten access to other accounts as well.