The latest social chat service to become a victim of malicious malware and adware links is Facebook Messenger. According to Kaspersky Labs, cybercriminals are sending malicious links to Facebook Messenger users, helping track browser activity and display targeted advertisements – and thereby generating revenue.
Interestingly, the malicious link arrives through one of your friends account on Messenger to fake legitimacy. The message reads “David Video” and then is followed up with a bit.ly link. Clicking on the link will take you to a Google Docs page having a screenshot photo of that Facebook friend, and it is made to look like a playable movie.
When you try to click on the fake playable movie, the malware redirects you to a set of websites that are different based on the browser you use. “By doing this, it basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links,” said David Jacoby, senior security researcher in the global research and analysis team at Kaspersky Lab..
For example, Firefox and OSX Safari browsers are redirected to a website displaying a fake Flash Update notice, and then offered a Windows executable and a OSX executable respectively, both of which are flagged as adware. Google Chrome website redirects you to a website which mimics the layout of YouTube, even including the YouTube logo. It then shows a fake error tricking you to download a malicious Google Chrome extension from the Google Web Store.
The biggest play here is that it is made to be sent by one of your friends on Facebook, increasing chances of you clicking on it. We advise you to not click on any unknown links, before rechecking for its legitimacy with the friend who sent it. Avoid clicking on random shortened links as much as possible on Facebook Messenger, even if they are sent from friends. “The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” said Jacoby. The cybercriminals behind these attacks are unknown at the moment.
ZDNet got in touch with Facebook to ask if they were aware about the matter. A spokesperson for Facebook told the publication, “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook. If we suspect your computer is infected with malware, we will provide you with a free antivirus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”