David Jacoby, a senior security researcher at Kaspersky Lab, is trying to get the word out that Facebook Messenger is now being used to spread malware. Where these campaigns start is often hard to tell, but once the malware finds a victim, it spreads by causing that user's Facebook Messenger account to send personalized hoax messages to their contacts without the user knowing. Each message includes a malicious link. The messages are structured with the recipient’s name, the word ‘video’, a shocked emoji, and a shortened URL. Because the message appears to come from a friend, the recipient is much more likely to click the malicious link.
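As an added example (not code from Jacoby's research or from Kaspersky), the message structure described above can be turned into a simple triage heuristic for incoming messages. The shortener host list, the emoji set, the function names and the scoring threshold are assumptions made for illustration, and the sample messages are constructed.

```python
import re
from urllib.parse import urlparse

# Assumption: sample of well-known URL shorteners; the article names none.
SHORTENER_HOSTS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
# Assumption: emoji treated as "shocked"; the article does not give the exact one.
SHOCKED_EMOJI = {"\U0001F631", "\U0001F632", "\U0001F62E", "\U0001F62F", "\U0001F633"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _host(url):
    """Lower-cased host of a URL with any leading 'www.' dropped."""
    try:
        host = (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed bracketed host
        return ""
    return host[4:] if host.startswith("www.") else host


def lure_signals(text, recipient_first_name):
    """Return which of the four described lure traits a message shows."""
    signals = set()
    if any(_host(u) in SHORTENER_HOSTS for u in URL_RE.findall(text)):
        signals.add("short_url")
    # Inspect text outside the URLs so "video" in a link path does not count.
    body = URL_RE.sub(" ", text)
    words = {w.lower() for w in re.findall(r"[^\W\d_]+", body)}
    if recipient_first_name.lower() in words:
        signals.add("recipient_name")
    if "video" in words:
        signals.add("video_word")
    if any(ch in SHOCKED_EMOJI for ch in body):
        signals.add("shocked_emoji")
    return signals


def is_probable_lure(text, recipient_first_name):
    """Flag a shortened link that arrives with at least two other traits."""
    signals = lure_signals(text, recipient_first_name)
    return "short_url" in signals and len(signals) >= 3


# Constructed sample messages (not captured from the campaign).
SAMPLES = [
    "Anna Video \U0001F631 https://bit.ly/abc123",
    "Anna, here is the video from Saturday: https://example.org/watch/123",
    "Lunch tomorrow? \U0001F62E",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(is_probable_lure(msg, "Anna"), sorted(lure_signals(msg, "Anna")))
```

A match is a reason to verify with the sender through another channel, not proof of compromise, since friends also send short links to real videos.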
When the hoax link is clicked, the malware redirects the victim to one of the compromised websites the cybercriminals have set up, chosen according to factors such as the victim’s location, operating system and browser. For example, Mozilla Firefox users on Windows and Mac are taken to a page offering a fake Flash Player installer, which infects the user’s PC with adware via a Windows executable. Google Chrome victims who click on the hoax link are taken to a fake YouTube channel that looks very real. A bogus error message appears on the fake YouTube website, requiring the download of a Chrome extension, which is malware. Meanwhile, Safari victims are sent to a web page that is compatible with macOS, where the unlucky user is asked to download a .dmg file that also happens to be adware.
According to David Jacoby: “This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks. The code is advanced and obfuscated.”
Not only will the malicious software infect your phone or computer, but like a bad chain letter, it then uses your Facebook Messenger contacts to send hoax messages and links. Once the malware is installed on your computer or phone, it can keep tricking you into downloading more adware. Some of the adware is quite malicious and could allow cybercriminals to steal your passwords and/or banking details if you later use them to shop online. Facebook Messenger users who are sent the spam message should, instead of clicking the link, reach out to the person who sent the message and advise them that they have been hacked.