Watch out! Adware spreading via Facebook Messenger

Security experts from Kaspersky Lab have spotted an ongoing cross-platform malware campaign that leverages Facebook Messenger; spammers are infecting users of all platforms with adware.

Users receive a video link that redirects them to a bogus website set up to lure them into installing malware.

Researchers believe threat actors leverage compromised accounts, hijacked browsers, or clickjacking techniques to spread the malicious link.

They use social engineering to trick users into clicking the video link, which pretends to be sent from one of their Facebook contacts.

“The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. It may be from stolen credentials, hijacked browsers or clickjacking. At the moment we are not sure because this research is still ongoing.” reads the analysis published by Kaspersky Lab.

The malicious message reads “< your friend name > Video” followed by a link.

When the victim clicks on the fake video, the malicious code redirects him to a set of websites that gather information on his system (e.g., browser, OS) to choose the website to which he is redirected.

Users are redirected along a domain chain: many websites on different domains redirect the victim depending on certain characteristics (e.g., system information, language, geolocation, browser information, operating system, installed plugins and cookies).

The URL redirects victims to a Google Doc that displays a dynamically generated video thumbnail, based on the sender’s images, that looks like a playable movie. If the victim clicks the thumbnail, he is redirected to another customised landing page depending on his browser and operating system.

“What I noticed during my research was that when changing the User-Agent header (browser information) the malware redirects you to different landing pages. For example, when using FIREFOX I was redirected to a website displaying a fake Flash Update notice, and then offered a Windows executable. The executable is flagged as adware.” continues the analysis.

Google Chrome users, for example, are redirected to a website that mimics YouTube and displays a fake error message popup, tricking victims into downloading a malicious Chrome extension from the Google Web Store.

The fake extension is a downloader that delivers a file to the victim’s computer.

Experts observed similar tricks for Apple Mac OS X Safari users and Linux users.
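Defenders can look for the User-Agent-dependent redirection described above in web proxy logs. The following Python sketch is an added example, not code from the Kaspersky analysis; the log format, function names and `.example` hosts are constructed assumptions. It flags URLs whose redirect target host differs between browser families, while ignoring ordinary redirects that treat every browser the same.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log, one request per line: client|user_agent|url|status|location
# Hosts are reserved .example names, not indicators from the Kaspersky analysis.
FIREFOX = "Mozilla/5.0 (Windows NT 10.0; rv:55.0) Gecko/20100101 Firefox/55.0"
CHROME = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0 Safari/537.36"
SAMPLE_LOG = "\n".join([
    f"10.0.0.5|{FIREFOX}|http://link.example/v|302|http://gate.example/r",
    f"10.0.0.5|{FIREFOX}|http://gate.example/r|302|http://flash-update.example/get",
    f"10.0.0.9|{CHROME}|http://link.example/v|302|http://gate.example/r",
    f"10.0.0.9|{CHROME}|http://gate.example/r|302|http://video-error.example/watch",
    f"10.0.0.7|{FIREFOX}|http://intranet.example/old|301|http://intranet.example/new",
    f"10.0.0.8|{CHROME}|http://intranet.example/old|301|http://intranet.example/new",
])

def browser_family(ua):
    # Order matters: Chrome user agents also contain "Safari/".
    for token, name in (("Firefox/", "firefox"), ("Chrome/", "chrome"), ("Safari/", "safari")):
        if token in ua:
            return name
    return "other"

def ua_dependent_redirects(log_text):
    """Return {url: {family: [target hosts]}} for URLs whose 3xx target host varies by browser."""
    targets = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, ua, url, status, location = line.split("|")
        if status.startswith("3") and location:
            targets[url][browser_family(ua)].add(urlsplit(location).hostname)
    flagged = {}
    for url, by_family in targets.items():
        # Flag only when at least two browser families were seen and they were sent to different hosts.
        distinct = {frozenset(hosts) for hosts in by_family.values()}
        if len(by_family) > 1 and len(distinct) > 1:
            flagged[url] = {fam: sorted(hosts) for fam, hosts in by_family.items()}
    return flagged

if __name__ == "__main__":
    for url, by_family in ua_dependent_redirects(SAMPLE_LOG).items():
        print(url, by_family)
```

A hit is a lead for review rather than a verdict, since legitimate sites also serve browser-specific redirects.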

“It has been a while since I saw these adware campaigns using Facebook, and it's pretty unique that it also uses Google Docs, with customized landing pages. As far as I can see no actual malware (Trojans, exploits) are being downloaded but the people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts.” concluded Kaspersky.


Pierluigi Paganini, Editor-in-Chief
Cyber Defense Magazine
