Facebook virus is a term used to describe various scams and malware promoted via a social platform
Facebook virus involves numerous scams and hoaxes aimed at users of this social network. Unfortunately, there is a high risk of getting infected with malware as well.
Facebook virus is a set of scams and malware infections that Facebook social platform Facebook might encounter at any time. The goals of cybercriminals behind malware and malicious messages vary: some might popularize a fake message via Messenger as a prank, while others seek to gain access to users' accounts, steal their personal data, or direct them to spoofing sites to obtain credit card details.
Facebook scams comes in various shapes, as hackers are known to proliferate different malicious programs, such as cryptocurrency miners, ransomware, data-stealers, and other dangerous cyber threats.  However, some versions just pollute the Facebook network and annoy its users.
According to experts, various forms of social engineering is used in order to make users believe whatever hackers want them to believe. Even in 2020, they are still suffering from the type of Facebook scam asking if the video, virus alert from Facebook, or sales summary is real. However, the latest scams noticed on this social network are redirecting to Amazonaws domains after clicking on ads offering free Disneyland tickets, RayBan glasses, or sales summary of 2019.
Another type of Facebook scam is the one that spreads with the help of gullible users. Quite often, they get a message from a stranger that tries to threaten malware infections or other dangers and ask them a message to be shared with friends. As a result, the hoaxes like “Be careful: I got a message from you” are spread further and cause users to suffer from spam.
The Amazonaws Facebook virus has been actively used to redirect users to fake websites impersonating YouTube, Twitter, or official domains offering users to update their “Adobe Flash Player.” Unfortunately, the file “flash player.dmg” was found to be infected. Because of the YouTube name mentioned in the alert, this variant was named as Youtube Facebook virus.
Previously, Facebook scams reached its peak when it started spreading Digmine Monero cryptocurrency-mining botnet via Facebook Messenger. The botnet was spread as a video_xxxx.zip file, which is actually an executable of the miner. All in all, this is the most dangerous campaign related to this social network.
Questions about Facebook virus
Undoubtedly, the Facebook video virus is the most popular version of malware that spreads via Messenger. With the help of a compromised account, criminals have been spreading a link named after the video_[random_characters].zip path. However, receiving files called video_5833.zip, video_6447.zip, or similar is a clear sign that your contact’s account was victimized, and the content provided in these files is harmful.
|Type||Many different types: Malware, Password stealing virus, Phishing malware, Spyware, trojan, misleading browser extensions|
|Danger level||High, varies depending of the type of the scam. example of infectious misleading domain:
Malicious texts via Messenger; infected links on unreliable pages; software-bundles; malicious spam emails; Browser extensions, software hacks
|The damage and Most dangerous versions||
Damage may vary by type of Facebook malware, most common are identity thefts, overtaking victims computer, adding in to botnet or mining, stolen passwords, social accounts. Beware of these versions:
|Removal||You can get rid of various scams that affect Facebook by scanning the machine with anti-malware software|
|Recovery||Malware can cause damage to Windows or Mac system files. To recover from it and make sure your system is in the best shape, use ReimageIntego|
Facebook malware has numerous features, including:
- Distributing spam messages to contact lists;
- Promoting fake contests used to obtain users' private information;
- Spreading spam via Facebook chat;
- Distributing malware.
Scammers also take advantage of users using hoaxes by giving them hope to win two free Ryanair tickets and suggesting to purchase various things. Even if the announcement on Facebook claims that the offer is recommended by the reputable financial guru Martin Lewis, you should not fall for such Facebook scam. Also, people can be redirected to sites promoting iPhone for 1 Euro. This may happen after clicking on infected Google's search results. This way, scammers are trying to get personal information, including full name and credit card details.
Facebook malware is a term used to summarize malicious programs which are distributed on the social media platform. The term includes malware, scams, hoaxes, etc.
Unfortunately, serious viruses have also been noticed spreading on the social network – users have already been infected with a notorious Locky virus which has been finding its way to target systems with the help of Nemucod downloader. This cyber threat was found hidden under SVG Image file using photo_[random numbers].svg name. If you happen to see files, such as photo_4837.svg, photo_999.svg or photo_8470.svg, in your Facebook Messages, make sure you stay away from it because its aim is to infect you with Locky ransomware.
If you don't take care of these scams, you can infect your friends and encourage this malware for future crimes. Every user who clicks the malicious link is involved in the distribution scheme. Steps that you can use to fix your account and remove Facebook virus sending messages are provided below this post.
After fixing it, don't forget to scan your computer with reliable security software to see if there is anything malicious on your computer. ReimageIntego can help you to see if you are infected. Keep in mind that security experts have already reported about the relation between Facebook redirect and ransomware-type viruses, trojan horses, and similar threats.
Identified 26 Facebook malware versions. Removal guides included
Be careful: I got a message from you scam
“Be careful: I got a message from you,” also known as “Andrea Wilson Friendship Request,” is a scam that has been targeting various Facebook users since summer 2019. This Facebook virus version propagates using social engineering but does not include any malware infection or personal data leak. Instead, threat actors seek to make users share the message to all friends on Facebook, consequently making the hoax spread further.
|Threat Type||Scam, hoax|
|Distribution||Typically, the fake message is delivered to users via the Messenger|
|Summary||Scam claims that the sender received a message from the user and that his/her Facebook account is connected to somebody named Andrea Wilson. Allegedly, if anyone from a person's friends accepts the friend request from her, his/her Facebook account will be hacked|
|Goal||The message asks users to forward it to everybody in their friends list, threatening with consequences|
“Be careful: I got a message from you” message can come at any time, and the sender can be a stranger or somebody in your friend list who got tricked by the scam. You should simply ignore it. Here's what the message says:
Be careful: I got a message from you or it shown on your wall here.. Please tell all the contacts in your messenger list not to accept friendship request from Andrea Wilson. She is a hacker and has the system connected to your Facebook account. If one of your contacts accepts it, you will also be hacked, so make sure that all your friends know it. Thanks. Forwarded as received. Hold your finger down on the message. At the bottom in the middle it will say forward. Hit that then click on the names of those in your list and it will send to them THIS Is REAL.
"Be careful: I got a message from you" is one of many spank scams making rounds around the social media via the Messenger
Users were asking if their accounts will be hacked if they share the message or whether their friends' accounts have been hacked because of this. In reality, This threat is rather annoying but not harmful: there are no files to be download and no links that could lead users to malicious or spoofing sites. As a result, “Be careful: I got a message from you” remains an annoying issue that keeps popping up from time to time.
Even though you can't get infected with anything or get your Facebook account compromised, you should not share the “Be careful: I got a message from you” hoax to prevent it from spreading further.
Facebook Malware warning
Facebook Malware warning is the scam which aims to infiltrate the system by using malicious or potentially unwanted programs (PUPs). Some time ago it was the most active version of the Facebook virus which was attacking people from all over the world. At the moment, threat activity seems to be decreased.
|Distribution means||Software bundles, insecure third-party sites|
|Details||A fake but legitimately looking Facebook warning appears claiming that user's computer is infected with malware|
|Termination||Scan your computer with anti-malware and reset all browsers|
Alert from Facebook is designed to deliver fraudulent messages about different infections found on the system. Once the users are intimidated, they are offered to purchase and run a full system scan with an antivirus. Unfortunately, such programs only promote useless or even potentially dangerous software and should never be trusted.
Suspicious software offered by Facebook Malware warning might actually be:
- Expensive and ineffective optimization tool;
- Banking Trojan;
Even though there were some reports about Facebook Malware warning in 2017, it gained its popularity in 2018. Therefore, users are advised to use a professional malware removal tool which is downloaded from official websites only. This way, you will avoid any fake programs and protect your system.
Facebook Messenger virus
Messenger virus is another variant of the Facebook scam which has been spread through the chat window of this social network. No matter that the threat is relatively old, it is still actively affecting users by using a tricky scheme which uses the victim's profile picture, the name, and a link offering to check a specific video. The message creates an image that the video is saved on YouTube and that it is somehow related to the victim. As a result, this scam has affected numerous users worldwide.
|Spread via||Facebook Messenger|
|Details||Victims receive a message from somebody on the friend's list. The short message compiles of a profile picture, name, and the link to an alleged video. As soon as it is clicked, it leads to the spoofed Facebook login page. Those who proceed hand in login credentials to cybercriminals|
|Remedy||Before clicking on any links, make sure that the person actually messaged it to you|
Unfortunately, the link included to the fake Facebook Message does not lead to Youtube. It reroutes unaware PC users to fake sites either requiring to connect to your Facebook account again or offering to enter your answers to some survey. Beware that this method has been actively used to swindle users' personal information, such as logins, passwords, and similar data. Besides, there is a huge possibility of being infected with malware.
Facebook Youtube scam - yet another type of the scam using the social giant to spread around. While it has been redirecting its victims to Youtube, the content is still considered to be dangerous.
This threat has also been used to promote a fake browser add-on causing serious malware's infiltration. According to PC experts, this threat disables security software and prevents its removal from the affected computer.
Facebook video virus
Facebook video virus is a malware that controls victim's Facebook account and automatically posts “My private video,” “My video,” “Private video” and similarly entitled malicious links on victim's timeline. What is more, it tags random victim's Facebook friends in these posts to draw their attention and invite them to click on the link.
|Threat Type||Malware, scam|
|Spread via||Facebook Messenger|
|Infection means||Users receive a message that contains “My Private video” or similar message and a link to the alleged video. Nevertheless, if clicked, users might immediately install malware|
|Remedy||Scan your computer for malware and|
|Prevention||Never click on suspicious links, even if they come from your friends|
Private video Facebook virus also sends messages having the malicious link included. They go directly to the victim's friends. We strongly advise you NOT to click on these links as it can automatically download malware to your computer.
The main danger related to Facebook video scam is its ability to redirect victims to malicious websites. Beware that the content you can be redirected to can end up with malware. There is also a possibility that your computer will be included in the botnet sending spam all around the network. Finally, a malicious file can also be installed just by clicking on this link. As a result, you can get infected with ransomware, rootkit, worm or a Trojan horse.
“Is that you” Facebook virus
“Is that you” Facebook virus is yet another version of the Facebook threat that involves Messenger app and a video sent by users' social media friends' accounts. This scam tries to intimidate users by showing a link to an allegedly compromising video that was leaked online. However, as evident, these claims are fake, and it is merely a trick used to make users click on the malicious link.
The message itself may display various text from “Is this you?” YouTube video or only state your name and a question mark alongside the link to the video on youtube or any similar platform. In most cases, you cannot even see the thumbnail of the video to know if the video is really of you.
The main red flag is that there is no context besides that message with a hyperlink or a direct video, so you can be sure that the person who sent this message is not the one responsible. Criminals can hack those Facebook accounts with the only aim – to send this scam campaign.
Make sure to notify the person from the other side, since he or she is the one that got this Facebook messenger it's you virus and needs to have a full system cleaning done to get rid of the initial malware. Their device may get damaged besides infecting oper peoples' machines. Once the person falls for such scam the account credentials get used to login to the profile and spread this malware further.
"Is that You" Facebook video scam is yet another type of malware appearing on the Messenger and showing allegedly compromising content about you.
OMG Facebook game virus
OMG Facebook Game is a malicious strategy used via OMG Facebook game. This is an instant game platform that gained popularity recently. However, users have experienced issues which have already been reported as playing the OMG game on Facebook resulted in the monetary loss. Fortunately, in this particular incident, the victim got the money back because she contacted Google Play's customer service.
|Threat Type||Malicious ads|
|Spread via||Games in Facebook client|
|Details||Malicious ads in games might lead users to automatic payments for never-ordered services|
|Remedy||Contact Google Play, Facebook, or any other involved parties|
|Prevention||Do not click on suspicious ads that pop-up in Facebook games|
As the victim stated, she was playing the game on Facebook and clicking around the application. The game contained various advertisements and clicking on them resulted in redirects to suspicious websites. However, quickly after that, notification about successful payment via Google Play Account was delivered.
Beware that clicking on various third-party advertisements can result in various cyber infections, so you should keep in mind this fact even while browsing on social media and playing in-website games. The OMG creators reported that this sudden charge has nothing to do with the app and that the game is free and doesn't ask for any payment and that the data collected and used by this program include public information only. They stated that the issue is noted and they are working on improving the experience of Facebook Games.
Facebook Messenger Scam is one of the most aggressive types of threats which has been spread since 2013.
Facebook “iPhone for 1 Euro” scam
At the beginning of February 2018, researchers revealed a new wave of Facebook scam. This time, scammers tried to trick people by using false offers to buy iPhone for 1 Euro. According to Phil Tully, a researcher from ZeroFox, any free or cheap iPhone offer should be marked with a red flag. This way scammers may try to extort people's personal information, including full name and credit card details.
|Threat Type||Survey scam|
|Distribution||Malicious Google search result redirecting to bogus Facebook sites|
|Peculiarities||Users are offered an iPhone for one euro. In reality, crooks are trying to defraud users' personal information or attempt to subscribe them to a bogus service|
|Prevention||Do not engage in any “free iPhone” or “iPhone for 1 euro” offers. If you want a new iPhone buy it from official sources|
“iPhone for 1 Euro” scam has been spreading via infected Google search results used to redirect victims to a Facebook site with a fake iPhone offer. If you happen to come across this Facebook iPhone scam, please report it to Facebook's support immediately. Besides, check your web browser for unwanted extensions and run a scan with an anti-virus program.
Clearance sales summary of 2019 Facebook virus
Clearance sales summary of 2019 Facebook threat is an extremely aggressive scam that keeps posting a specific ad/image on the user's profile every few hours. Additionally, it tags random victim's friends (40-50 of them) to catch their attention and keep spreading. It has also been seen on Instagram and other social networks.
|Details||Facebook users might come across ads that offer expensive and high-profile brand clothing due to Clearance sales. Nevertheless, if the ad is clicked, users are linked to spoofed websites where, after payments, users never receive the discounted goods|
|Prevention||Do not click on deals that are too-good-to-be-true|
|Further action if affected||Contact your bank and local authorities dealing with scams|
The pop-up which is posted by Clearance sales summary of 2019 displays impressive discounts of famous clothes and shoe brands. The names include The North Face, UGG, Adidas, Nike, Timberland, Dr. Martens, Canada Goose, and others. Additionally, the scam also includes links redirecting victims to the sites that look like their official web shops.
Beware that these sites and goods which are presented there are fake. No matter how cheap they are, these scammers can send you anything once you pay. Besides, you will be asked to enter your credit card details what can additionally lead you to the loss of your financial information and money. If you found this ad on your wall, delete it immediately or remove the tag. If such activity continues, report the alert to Facebook and follow the steps provided at the end of this post.
Faceliker is a click-fraud Trojan that can infect the victim's computer as soon as he/she visits a compromised web page. It gets access to the account, but, instead of hacking it, it silently uses it to like very specific content. The malicious software redirects the victim's clicks on “Like” buttons and likes completely different content instead. This way, Faceliker Trojan operators can fraudulently promote pages, links, fake news, and other content.
|Infection means||Malicious websites, spam emails, cracked software, etc.|
|Details||If infected, user's account is used to automatically like predetermined Facebook pages, which allows cybercriminals promote Facebook groups, individuals and posts|
|Termination||Scan your computer with powerful anti-malware software|
In case you suspect the presence of Faceliker, immediately check your activity log on Facebook. In case you see some unauthorized likes on posts, links or pages that you didn't authorize, scan your computer with a powerful anti-malware software to remove Faceliker for good.
Facebook “Following Me” scam
The scam seeks to promote the post offering you to identify strangers who are following you. At the moment, the network allows unknown people to follow you by clicking the “follow” button, but it does not identify them. According to the scam note, once you enter Settings, Blocking and then Block and then type following Me,” you will see the list of secret followers.
|Spreads||Via bogus Facebook post|
|Peculiarities||The scam offers to reveal people who are following you (Facebook does not provide such option)|
|Precautions||Be aware that Facebook does not post specific instructions, and bogus functionality of the app is only promoted by cybercriminals|
In reality, Facebook delivers you the names of people whose names comprise of the “following me” letters. Fortunately, this hoax does not have negative effects as in other cases, when you are tempted to visit infected websites and install corrupted apps. Note that Facebook does not grant such privilege of revealing your followers.
Facebook Money Scam
Facebook Money scam was first spotted in August 2017, when unknown cyber criminals while trying to swindle the personal information from naive users, such as credit card numbers, money or even identity, by using the name of famous and reputable people.
|Threat Type||Fraud, scam|
|First spotted||August 2017|
|Details||Fake adverts that use a well-known personality name try to swindle Facebook users' personal information|
|Precautions||Before trusting posts on Facebook, first verify that they are coming from a legitimate account of a the person of interest|
One of the persons involved was a well-known financial advisor and the founder of MoneySavingExpert.com website Martin Lewis. According to a video which was published on Twitter, people should be careful with such hoaxes that give fake recommendations or use the picture of Lewis illegally.
One of these scams is claiming that Martin Lewis invested half a million pounds into cloud trading scheme because it’s the best what you can do with your money. However, it’s not true. Fraudsters also use his picture for boiler cover incentives, heating incentives and PPI companies that Lewis has nothing in common with.
However, if you find a Facebook advert using his name and offering to invest or purchase some products, do not get tricked and report about such advert to Facebook. The financial guru clearly stated that he does not do Facebook adverts or endorsements unless it’s charitable activity.
Facebook Ryanair scam
The purpose of this scam is to trick users that they can win two free tickets to fly with airlines on their 35th anniversary. However, the company is only 33 years old. The Ryanair scam has been first noticed in 2016;  however, it continues spreading further.
Ryanair scam offers users free tickers, although once licked is clicked, users are asked to enter their Facebook login details into a spoofed site.
The post includes the picture of a boarding pass with Ryanair logo. However, vigilant people noticed a ridiculous seat arrangement or an unusual usage of QF code. This post also redirects to numerous fake website, for instance, “ryanair-airways.us.”
On the scam website, users have to enter a bunch of personal information which is accessible to cybercriminals. Some reports also claim that some of these fake sites are infected and spread malware. Therefore, users are advised to stay away from such posts on Facebook. The official Ryanair Facebook account is verified. It means that it has a “blue tick” icon. Hence, if you see other accounts spreading such contests, it’s a clear sign that they are fake.
Facebook Ray Ban virus
If you are a Facebook user, you probably noticed Ray Ban spam on your timeline at least one time. Criminals are using hacked Facebook accounts to promote illegal and fake Ray-Ban online shops offering the famous eyewear brand products for a fraction of their original price. Ray-Bans on sale? This social engineering trick can attract everyone who desires to obtain these fashionable eyeglasses for less. Sadly, attempts to buy them for a ridiculously small price lead to unexpected consequences.
|Threat Type||Sales scam, malware|
|Specifics||The scam revolves around users getting infected with data-stealing malware. After that, the host Facebook account is used to tag friends in fake Ray Ban glasses sales posts or create groups. In such way, the hijacked account can promote malicious links, which other users can click and get their personal data stolen or infected with malware|
|Remedy||If you were a victim of Facebook Ray Ban scam, you should immediately scan your device with anti-malware software and change your Facebook, as well as other accounts, credentials|
The victims of Facebook Ray Ban virus usually have a password-stealing malware installed on their computers. As soon as frauds find out victim’s Facebook login details, they access the account and use it to post images promoting fake Ray-Ban deals, tag victim’s friends in them, create groups, events and take other illegal actions.
These phishing websites will never provide any glasses to potential buyers because their only purpose is to rob the victims and steal their credit card details. If you bought something from those fake websites, you should contact your bank ASAP and cancel the transaction. You should also change all of your bank passwords and take other steps to protect your privacy.
In case you noticed that your friend posts these Ray-Ban related posts and tags others into them, you should contact him/her and tell them to check their computer with an anti-malware software. The culprit might be an obfuscated keylogger set to steal all of the passwords and login details.
At the same time, they should change their password and go to Settings > Account Settings, then to Security and log in and disconnect all devices that are logged into their Facebook account. Victims should also untag themselves from such posts.
If your Facebook account was hacked by Ray-Ban virus, you should go to Facebook Hacked page and report a compromised account.
Facebook Disneyland scam
Facebook Disneyland scam offers an opportunity to win free passes for the Disneyland theme park. Unfortunately, Disney is not giving away any free tickets to their theme park. People who accessed the provided link and then entered their personal information such as email addresses, cell phone numbers got scammed and put themselves into the risk of identity theft.
Being spread by using various Facebook posts, the scam redirected its victims to a page asking them to answer survey questions about different products or services. Additionally, the victims were tricked into agreeing to receive calls and text messages from salespeople. Besides, the victims were asked to provide their email address, full name, and similar data.
We should also add that there is yet another version of the scam stating that Disneyland celebrates 110 years of service and offers free tickets to 500 families. However, Disney was not sponsoring any of this. The scam offering 5 free tickets was taken for real because of the artwork similar to Disneylands' trademark used in it. When users clicked on the picture, users were presented with the following message:
Congratulations! You have been selected to take part in our short survey to get 2 free Disneyland tickets.
The “winner” was announced after three questions but there was no prize given. People who participated and “won,” were tricked into liking the message and sharing it with their friends on Facebook. By using this strategy, scammers.
In this case, users are offered free Disneyland tickets. However, it is just a hoax and crooks seek users' personal information.
Jayden K. Smith scam
In the middle of summer'17, new Facebook hoax emerged. This time, a fake message is circulating the social network, urging users not to accept a friend request from someone named Jayden K. Smith. The fraudulent message states that the victim's account will be hacked as soon as one accepts the friend request from this so-called “hacker.”
|Specifics||A fake message that warns about a bogus hacker Jayden K. Smith, and urges users not to accept friend request, but rather inform everybody in the friend list about the alleged danger|
|Further actions||Do not believe random messages that come your way on social media|
On top of that, the message suggests forwarding the news to all of the user's friends to help spread the knowledge about the non-existing person. This apparently accelerates the spread of this Facebook hoax.
The truth is, there is no Jayden K. Smith, and there's no reason to worry about him. As always, remember that you should never accept friend requests from strangers because your social media account and your friends' lists can provide scammers a lot of valuable information about you.
Congratulations! Your profile has been selected by Facebook
“Congratulations! Your profile has been selected by Facebook” is malvertising technique that created a scam based on the old trick – fake lottery notifications. After getting infected with this adware, you will be bothered by regular pops up stating that you have won an iPhone. In order to retrieve the prize, you need to click on the indicated “Select” button.
|Peculiarities||Users are redirected to suspicious sites that display fake pop-ups. The messages claim that users were selected by Facebook to receive a prize, but users are required to provide financial information to allegedly be able to collect it|
|Risks||Money loss, sensitive data theft, malware infections|
|Further actions||Scan your computer for malware with anti-virus software and reset all of your browsers. If you entered your banking data into a spoofed site, contact your bank and local authorities that deal with scams|
Needless to say, that you will not receive any prize at all. In fact, you might be asked to provide such confidential details as credit card number, verification codes, email, and shipping addresses. Such data serves as a valuable material for cybercriminals to improve their hacking techniques. In the best case scenario, your computer screen and email Inbox will be crammed with personal spam messages.
Otherwise, you might be infected with a more serious threat. This adware spreads the same way as other samples of the same category. “Your profile has been selected by Facebook” might infect your computer via a recently installed freeware or a plug-in. Illegal file-sharing domains might also deliver this virtual annoyance. If you notice these notifications, ignore them, scan your PC with an anti-spyware program and reset the settings.
Facebook hahaha virus
Facebook “hahaha” virus is yet another version of Facebook scams. It is a serious malware which is spread via this social network and used for turning the computer into a bitcoin mining machine.
|Details||Users are tricked to download a malicious .zip file that extracts the malicious payload and crypto-mining activities begin|
|Consequences||Computer slowdown, hardware wear-and-tear, increased electricity bills, other malware infections|
|Recovery||Remove malware with security application and reset all your browsers|
Once it tricks its victims into downloading a malicious .zip file, it starts initiating serious system's slow downs and similar issues. Please, don't let this malicious software stay on your computer because you can never know what malicious activities it can be used for.
Facebook French Tech Support scam
New Facebook spam campaign has just been launched, this time, focusing on the French-speaking Facebook users. The hackers are now modifying Facebook ads and using fake news articles to redirect victims to a malicious Tech Support scam page located on the “hxxp://scansecure21.online/virus-alerte/” domain.
|Type||Technical support scam|
|The way it works||Crooks create malicious ads that redirect users to a website that imitates Blue Screen of Death error and plays an audio file that claims that visitors' PCs are infected with Zeus banking trojan. To remediate the issue, users are prompted to call fake tech support|
|Ramifications||Users who call fake tech support might get their machines infected with malware, or lose their money for false tech support services|
|Prevention||Never call any numbers provided in the error message, even if it seems like it comes from a legitimate body (Microsoft, Apple, Facebook, etc.). Legitimate messages include error code but never provide any contact information for the alleged tech support|
Once the users land on this page they are “greeted” by a BSoD imitating window and a 29-second audio file (1.mp3) reading out a text in French. Users are being threatened that their computers have been infected with Zeus trojan and the only way to protect their banking information and other sensitive details from leaking to the hands of hackers is to call Microsoft support technicians by the given number.
It is yet unknown what follows after calling this number, but we can only presume that this Facebook scam works like any other Tech Support scam and the scammer are trying to convince the callers to purchase questionable software or get remote access to their computers.
French Facebook users are targeted by a fake Blue Screen of Death message which they get after being redirected from a bogus Facebook post.
Be careful with the ads leading to the following domains:
hxxp://actulist.com/adv1/; hxxp://hebdo-actu.com/ad-s1/; hxxp://twimflp.com/ads-03/; hxxp://25608498.com/ and hxxp://com-uknewsnow.com/.
Facebook stalker virus
Facebook Stalker is a dangerous FB application which is actively spread on this social network. It belongs to scammers and it is used for stealing sensitive user information, not for helping people to find out who is secretly watching their FB profile.
|Threat Type||Scam, malware|
|Distribution||Bogus messages on Facebook|
|Peculiarities||Users are urged to click on malicious links on Facebook. These links can redirect users to malware-laden sites that contain information-stealing trojan payload|
|Risk factors||Money loss, identity theft, malware infections, etc.|
|Recovery||Scan your computer for malware and change all your passwords|
If you happen to all for the FB Stalker app, you can be redirected to a malicious site which looks like a typical login page of the Facebook. Please, do NOT enter your personal information on it because you will disclose it to malicious actors and lose your Facebook's account!
Your page will be unpublished scam
“Your page will be unpublished” campaign started in 2016 when scammers started creating bogus Facebook pages titled as Advert Solution, Ads-Info., Ads Department Social, Team Advert, and similar.
All these pages find pages that belong to business owners, and try to scare them by sharing their posts and adding such message to the post:
WARNING: Your Page will be unpublished! Your account has been reported by others. Our system has received the following reports […] To prevent fraud, please re-confirm your Account to avoid blocking here: [link to a phishing Facebook page].
If some suspicious-looking page has shared your post stating that your page will be disabled, ignore it, and report that person/page to real Facebook staff. If you provide your login details to these scammers, they are going to hack your account immediately and use it for malignant purposes, for example, scam your friends asking them to lend money.
Do not click on it as you may accidentally download a trojan or enable the full hack of your account. There is also a possibility that you might be misled to the infected domain after clicking the link.
Hackers did a pretty good job impersonating the official support team by giving credentials, However, you might still notice type and grammar mistakes. The sender's email might raise suspicions as well. This version can be eliminated with the help of anti-spyware and anti-virus programs.
Invitation Facebook virus is a different kind of virus that has been spreading on Facebook for years. It spreads via emails and Facebook's message boards and announces about a great danger on this social network.
|Distribution||Spam emails, fake Facebook posts|
|Details||Scammers spread fake messages that warn about an alleged “Olympic torch” virus, which is actually fake. Victims are asked to forward the message to everyone on their friend list to allegedly protect them from danger.|
|Further action||Do not forward any hoax messages to your friends – it's a scam and “Olympic torch” does not exist|
To be more precise, it foolishly warns its victims about the Facebook threat that comes as a message with an attachment called Invitation Facebook and the text states:
Opens an Olympic torch and will take the whole hard disk C of your computer.
However, security experts have revealed that this message includes trojan horse and other types of viruses. You should remove this scam letter as soon as you receive it.
Facebook Automatic wall post
Facebook Automatic Wall Post is a cyber infection created for increasing the traffic to specific domains. Besides, it may negatively affect your computer's security and try to steal your personal information.
This virus makes people visit the website by showing a tricky message which claims “Sexiest Video ever” and includes a link leading to an unknown website. Also, it automatically makes a post on your wall and spreads in this way. If you see such message, which seems like it has been posted by your friend, you should remove it from your wall immediately.
Facebook friend request
Facebook Friend Request is a dangerous threat which sends friend requests from user's account to unknown people or, even worse, the ones who have been already blocked by a user. It has been reported that sometimes this virus manages to send more than 100 invites to random people.
|Threat Type||Spam bot, malware|
|Details||The infection sends hundreds of friend requests to unknown people on Facebook|
|Dangers||Infected users might get their personal information stolen|
|Fix||Scan your computer for malware and reset all your passwords|
The point of creating and using this hasn't still been revealed. However, some experts claim that this threat may be used for taking over computers, shutting down their anti-virus programs and similar activities.
Facebook Change color scam
Facebook Change Color is a sneaky variant of the Facebook virus relying on a message offering to change your social network's background to pink, red, black or another color.
|Threat Type||Survey scam|
|Distribution||Facebook Messenger, spam emails|
|Peculiarities||Users are offered to change their background on social media to different colors. For that, they need to click on a malicious link, which consequently leads users to a survey scam site|
|Remedy||Do not click on suspicious links on spam emails or Facebook Messenger|
Just like other types of this threat, it may come to your inbox from one of your contacts which has also been tricked by this scam message. Typically, it includes a malicious link helping for scammers to drive more traffic to their online survey. If you click on this link, you will send this scam message to all your contacts.
Facebook Child Porn
Facebook Child Porn is a dangerous application, which is circulating on Facebook in a form of pornographic video. It may seem that the message, which has this video attached, was sent by your friend and it is safe. However, after opening it, it becomes clear that it's related to child pornography.
Some victims report that it contains a phrase “watch this if you're curious.” Once opened, virus automatically attaches to your Facebook account and shares this video with all of your Facebook friends.
Facebook scams has been used to spread malicious or sponsored links. Some of them promote highly suspicious webshops that are filled with fake deals.
Facebook Ray Ban scam is another trick by criminals which populated in 2018
Facebook Ray Ban scam is currently one of the most popular versions of FB virus on the Internet. Users report that they have received suspicious offers on the social media platform to purchase Ray Ban glasses half the original price. We want to warn you that there is a similar hoax, known as Ray Ban Instagram.
Ray Bans on sale? This social engineering trick can attract everyone who desires to obtain these fashionable eyeglasses for less. Sadly, attempts to buy them for a ridiculously small price lead to unexpected consequences.
The victims of Facebook Ray Ban usually have a password-stealing malware installed on their computers. As soon as frauds find out victim’s Facebook login details, they access the account and use it to post images promoting fake Ray-Ban deals, tag victim’s friends in them, create groups, events and take other illegal actions.
These phishing websites will never provide any glasses to potential buyers because their only purpose is to rob the victims and steal their credit card details. If you bought something off those fake websites, you should contact your bank ASAP and cancel the transaction. You should also change all of your bank passwords and take other steps to protect your privacy.
In case you noticed that your friend posts these Ray-Ban related posts and tags others into them, you should contact him/her and tell them to check their computer with an anti-malware software to remove Facebook Ray Ban scam. The culprit might be an obfuscated keylogger set to steal all of the passwords and login details.
At the same time, they should change their password and go to Settings > Account Settings, then to Security and log in and disconnect all devices that are logged into their Facebook account. Victims should also untag themselves from such posts.
If your Facebook account was hacked by Ray Ban, you should go to Facebook Hacked page and report a compromised account.
Locky ransomware is distributed via Facebook Messenger
One of the versions of the Facebook threats is designed to send deceptive messages via Facebook Messenger to infiltrate the system with Locky ransomware. Usually, the person receives an innocent looking text and a link which can appear as photo_4837.svg or photo_8470.svg. As soon as the user clicks on it, the system is infected with a file-encrypting virus.
Additionally, the criminals are trying their best to make the message seem convincing, so they add the following phrases:
- Look at this video;
- My newest video;
- OMG! I can't believe this!, etc.
We should also add that the most of these links look like they were sent to you by one of your friends, so there is no surprise that the latest attack of threat (it was initiated on the end of September 2016) managed to infect more than 800,000 users. It is unknown how many users were tricked in November 2016 attack, but the number is suspected to be similar.
By clicking such link, you infect your Facebook account and start spreading scam yourself. Besides, such malware can easily infect your computer with the most dangerous computer viruses that are active during the distribution.
Besides, such threats have actively been used for acquiring sensitive information, such as logins, financial information, and other data which is considered confidential. Unfortunately, hackers have already managed to release multiple versions of this threat. All of them are listed below.
If you think that you are dealing with problems on your Facebook account, you might be infected. Check your wall for spammy posts, go thru your Messages for misleading links. If you can remember clicking them, you must remove scam ASAP. There are several ways to fix your Facebook account and the affected PC system.
In reality, most of the people whose name was used in this scam are not aware of that.
Facebook Video virus is successfully infecting computers in 2019 as well
Facebook video scam is a tricky scam which is particularly created to distribute potentially unwanted programs (PUPs) or even malware via messages on Messenger. Experts noted that it is still active in 2018, so people must be extremely cautious. Those who have been infected say that they have received a direct text from one of their Facebook friends which includes several elements and a suspicious link:
- targeted victim’s name;
- word “video”;
- random emoji.
When a user clicks on the infected link, the virus starts spreading the same message to all victim’s contact list. Therefore, it works like a chain reaction. Therefore, it is also reported that it can send messages in a different language. For instance, in the Netherlands, these messages are written in the Dutch language.
The recent version of Facebook video threat is suspected to be spreading via Google Chrome extensions. However, it is designed to prevent victims from removing it easily. This happens when the malware does the following:
- Performs arbitrary modifications on the browser;
- Blocks user’s access to browser’s extensions;
- Might close Chrome when a user tries to open them.
After the attack, users are advised to reset Google Chrome. However, this may not work. If you Facebook friends continue on reporting about messages sent from your account, you have to uninstall Chrome from your device.
What is more, if your account was hacked, you should also set a new Facebook password and change other accounts passwords. It’s unknown what information cybercriminals can access and what damage they might cause to the personal user’s information. Therefore, victims are suggested to protect sensitive data.
The malware infects computers worldwide for 3 years in a row
This dangerous cyber threat which has already infected computers all across the globe. Cybersecurity specialists have reported about the Facebook Youtube video version of the malware. At the end of 2017, these scams has tried to deceive credulous people and open a malicious link. It has also spread via Messenger with the following elements:
- Link to the video;
- Profile picture of the receiver;
- “Ohh! det är verkligen du?” (“Oh! Is it really you?”) message.
The link directed victims to a YouTube page. It asked you to download a specific plug-in to play the video. Though it may seem more credulous, note that once a proper video link is attached in a Facebook chat window, it displays the icon of the video with a screenshot of the video content.
In this scam, the link does not reveal anything except the YouTube brand name. Like previous versions, the scam is spread to all the contacts of an infected user. The developers of this scam might have set up a few fake accounts as well to keep the distribution of the scam.
Unfortunately, Facebook virus revealed its new capabilities in December 2017. First of all, it started attacking new countries, such as Vietnam, Netherlands, and Spain. The virus still tries to spread around as Youtube-related video, so make sure you ignore messages that use “video_ (4 random numbers)” name.
After clicking this message, you can run into two different scenarios:
- It can redirect you to a fake Youtube page asking to update Adobe Flash Player. According to the latest news, this way you can get infected with an adware-type program that can potentially redirect you to malicious websites or track your browsing.
- You can get infected with an infamous Monero miner, alternatively known as Digmine. In this case, your computer's resources can be used to mine virtual currency. Besides, this attack involves a malicious Chrome extension which misuses Facebook auto-login feature and connects to the victim's account to continue the distribution of the malicious video link.
Facebook malware and other hoaxes are distributed via extensions
The primary and most successful distribution technique of the malware is malicious Messenger messages that contain an infected link. They are well-designed to make sure that people would fall for the fraud. This way, once the link is clicked, hackers have the access to hijack Facebook account and start the chair reaction of infections.
In addition, if not eliminated, Facebook malware can infect your computer with a trojan horse that starts its activity as soon as it enters the system. It can track you for years to steal your personal information or it can download other viruses to your computer, including ransomware-type threats that can encrypt your files with an advanced encryption algorithm and then start asking you to pay a ransom.
An alternative way used by malware to infect its victims is related to hacked apps. If you are tricked into granting them with the access to your account, you can find out that your social account was hijacked. Finally, using a weak password is also considered one of the main ways used by Facebook malware to affect its users.
The latest version of malware is noticed spreading via Google Chrome extensions. The problem with this distribution method is that users were forbidden from access Chrome settings and remove the malicious app unless they reset the browser or uninstall it entirely.
Use uninstall Guides to remove Facebook scams and protect your account
It is essential to understand that hackers are good at social engineering tactics and you shouldn't trust unknown people on the social media platform. You can avoid threats if you never click on:
- Suspicious links;
- Messages from unknown people;
- Unreliable file downloads.
If you can't resist the temptation, send your friend a message BEFORE clicking the provided link and ask him or her about it. Additionally, avoid accessing every game, site or app on the social network because it may be hacked by cyber criminals.
If you have been tricked by any of these types of Scams, you should change your Facebook's password ASAP in order to avoid identity theft and the loss of personal information. Additionally, contact your friends and let them know that your account is hacked. Finally, download security program to scan your computer and prevent infiltration of malware. It can remove Facebook virus and its outcomes within several minutes. For best results, use ReimageIntego.
Do not forget to update the software before running a scan to be sure that your PC is safe. Some of you might try to perform manual removal on their computers. While you can fix your account manually, we would like to warn you that the threat which travels around together with this threat can remain undetected on your computer.
Turn off Platform
You can switch off Platform functionality which would stop third-party apps and websites integration:
- Login to your Facebook account and click this little triangle on your right;
- Click Settings to open General Account Settings window;
- Look on your left and select Apps;
- Click Edit button on Apps, Websites and Plugins option;
- Select Disable to protect your account from unauthorized access of third party apps.
Removal requires checking the app's settings. Additionally, a full system scan is recommended.
Change your Facebook password
If your accounted was hacked or accessed by unknown individuals, make sure you immediately reset your Facebook password:
- Click the same little triangle on your right;
- Click Edit next to Password option;
- Enter your current password and the new one. Retype it and select Save changes.
Reset all all the affected browsers to remove Facebook virus
Typically, adware or other potentially unwanted programs might change web browser settings. Such a browser will still redirect you to spoofing, scam and phishing sites. Additionally, some malware might steal cookie information. Therefore, make sure you reset your web browsers and eliminate the possibility of hackers keep harvesting the crucial data.
- Go to Google Chrome and click on the menu (three vertical dots at the top-right corner) and select Settings.
- Scroll down and pick Advanced. To ensure Facebook virus removal, you need to reset Chrome
- Next, find Reset and clean up section.
- Now click on Restore settings to their original defaults.
- To confirm the action, click on Reset settings and complete Facebook virus removal.
- Open Mozilla Firefox and click on the menu.
- Go to Help and then select Troubleshooting Information.
- In the Give Firefox a tune up section, click on Refresh Firefox…
- Finally, confirm the action by pressing on Refresh Firefox.
- Select Safari and then click on Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- Go to the menu bar and click on Develop, and then pick Empty Cache.
- Click on Gear icon and select Internet options.
- Pick Advanced tab.
- Select Reset.
- In the new window, check Delete personal settings and click on Reset.
- Select Menu (three horizontal dots at the top-right) and click on Privacy & security.
- Pick Choose what to clear located under Clear browsing data.
- Select everything and click Clear.
- Now press Ctrl + Shift + Esc on your keyboard to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Find all MS Edge entries, right-click and select End task.
Scan your computer with security software:
A full system scan is recommended to prevent the further damage of Facebook related threats. By running a full scan with ReimageIntego or similar software, you will ensure the removal of trojans, ransomware-type viruses and similar malware which has been spread with the help of this virus.
Access your website securely from any location
When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.
If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.
Recover files after data-affecting malware attacks
While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.
Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.