Malicious video links spread Facebook virus on Messenger again

Facebook video virus returns with new tricky campaigns

Reports about increased activity of Facebook video virus has been showing up during the past few weeks. The new wave of spam messages is being spread via Messenger. The malicious message refers to the targeted victim by his name, includes the word “video” and surprised emoji. However, the most important part is a malicious link, which is shortened by bit.ly or t.cn.

The significant feature of the new Facebook Messenger virus is that it addresses and talks to the users in their native language. Among most affected countries are the Netherlands,^[1] Germany,^[2] and Spain^[3].

Therefore, if you received a link from your best friend, you should not rush to open it and find out what it’s about. The curiosity may lead to adware or malware attack.

Currently, the researchers are investigating this version of Facebook virus. It’s not sure how the virus spreads. Obviously, crooks take advantage of social engineering and people curiosity. However, technical aspects are not specified yet. It might be related to stolen credentials, clickjacking technique or hijacked web browsers.

The malicious video link redirects to fake website that asks to install updates or browser extensions

The virus attack begins when a user clicks on the misleading video link. Then malware redirects to Google docs that include the picture of the video. However, clicking the “Play” button leads to the unknown website and asks to install necessary plugin or browser extensions. These sites might differ based on various criteria, such as:

• user’s location,
• used web browser,
• type of operating system,
• installed extensions or plugins,
• cookies,
• etc.

Currently, researchers have analyzed virus activity on Google Chrome, Mozilla Firefox, and Safari browsers.^[4] Once users click on a malicious link, they are redirected to different websites. However, it seems that the most aggressive campaign is held on Google Chrome. If victims install a malicious extension, they can no longer access extensions list unless they reset or uninstall the browser.

When Google Chrome users click on a malignant link, they are redirected to the website that looks identical to YouTube.^[5] The site delivers a fake message that claims that users need to install a particular browser extension from Chrome Web Store. The similar hoax was used in 2016 by creators of Locky. Fortunately, this malicious campaign does not spread this dangerous ransomware.

Windows and Mac OS X users who browse the web with Mozilla Firefox are redirected to the website that promotes Flash Player updates. If this fake website tricks users into installing a bogus program, they end up installing adware that might be capable of tracking user’s credentials.

Safari users are also targeted by fake updates. However, they are suggested to install the latest version of Flash Media Player.

If users are tricked and download these fake programs, malicious executables are installed directly on the computers. Therefore, malware might run in the background, continue spreading spam via messenger or cause damage to personal data.

How to spot a dangerous link? Ask your friend if he really wanted to show you something

If you are one of those people who exchange funny video links with your Facebook friends, you might get easily caught by this social network virus. In order to avoid sending spam on Messenger and put your privacy at risk, you should make sure that you click on safe links only.

If you received a strange video link with your pictures or name, you should open it only if your friend confirms that he or she created something special for you or wants to share an interesting video with you. Otherwise, your question will inform the person about the cyber attack.

Besides, you should always report about spam or phishing websites to Facebook. It helps to keep this social network cleaner and safer place.