New Malware/Adware Spreading Through Facebook Messenger

August 26, 2017 Arrunadayy Koul


A new malware threat is spreading fast on the Internet, and this time it’s targeting Facebook Messenger users.

If you get this link via Messenger from one of your Facebook friends, do not click on it!

This malware, which replicates over Facebook’s messaging system, Messenger, is circulating and spreading massively. This malware is a form of social engineering used to trick people and steal their sensitive data.

Here’s how it works

The message includes a BIT.LY link presented as a video with the person’s name. Once the user clicks on the malicious link, the traffic is redirected through a chain of websites on different domains, and where the user ends up depends on some characteristics of the user.

Un-shortening the URL leads to:

https [://] docs.google [.] com/file/d/0B7rArSLkL3A-dk9ZNVp1NzRUWjg/preview

[Image: Video With Man. Source: Heimdal]

Here is a series of the malicious URLs involved in delivering and keeping the distribution covert:

http://bitly [.] com/2v8tlRs?[Name of recipient]

https://docs.google [.] com/file/d/[unique ID]/preview

http://dilosi [.] bid/ad/1010442020

q.redirecting [.] website

FlashPlayerPro_0851280053.exe

The final destination is a domain where the adware is downloaded.
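A detection sketch for the chain listed above, added here as an example and not taken from the article or its sources: it scans proxy log lines for a short-link click whose query string is a bare name, followed shortly by a Flash-themed .exe download from a non-vendor host. The log format, the `.example` hosts, the 120-second window and the trusted-vendor list are assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed proxy log lines (timestamp, client IP, URL); hosts under
# .example and PLACEHOLDER_ID are placeholders, not indicators from the article.
SAMPLE_LOG = """\
2017-08-26T10:00:01 10.0.0.5 http://bitly.com/AbCd123?Alice
2017-08-26T10:00:02 10.0.0.5 https://docs.google.com/file/d/PLACEHOLDER_ID/preview
2017-08-26T10:00:04 10.0.0.5 http://ads.redirect.example/ad/12345
2017-08-26T10:00:09 10.0.0.5 http://cdn.download.example/FlashPlayerPro_0000000000.exe
2017-08-26T10:05:00 10.0.0.7 http://bitly.com/ZyXw987
2017-08-26T10:05:30 10.0.0.7 https://news.example/story.html
2017-08-26T11:00:00 10.0.0.9 https://get.adobe.com/flashplayer/install_flashplayer.exe
"""

SHORTENERS = {"bit.ly", "bitly.com"}
FAKE_FLASH = re.compile(r"flash\s*player[^/]*\.exe$", re.IGNORECASE)
VENDOR_SUFFIXES = ("adobe.com",)  # assumption: only the vendor's own domain is trusted

def parse(line):
    ts, client, url = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), client, urlsplit(url.strip())

def is_lure(u):
    # Short link whose query string is a bare name, as in "2v8tlRs?[Name of recipient]".
    return u.hostname in SHORTENERS and u.query.isalpha()

def is_fake_flash(u):
    host = u.hostname or ""
    trusted = any(host == s or host.endswith("." + s) for s in VENDOR_SUFFIXES)
    return bool(FAKE_FLASH.search(u.path)) and not trusted

def find_chains(log_text, window_s=120):
    """Return (client, lure_url, exe_url) when a lure click precedes a fake Flash download."""
    last_lure, hits = {}, []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, client, u = parse(line)
        if is_lure(u):
            last_lure[client] = (ts, u.geturl())
        elif is_fake_flash(u) and client in last_lure:
            lure_ts, lure_url = last_lure[client]
            if (ts - lure_ts).total_seconds() <= window_s:
                hits.append((client, lure_url, u.geturl()))
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print(hit)
```

Correlating per client keeps the ordinary short-link click from 10.0.0.7 and the vendor-hosted installer fetched by 10.0.0.9 out of the results.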

This strain of adware tracks cookies, monitors your online activity, and shows different ads that lead to potentially malicious URLs.

Researchers have discovered that this campaign uses various attack angles, such as a browser extension for Chrome and Firefox (users have been sent to fake sites), or a binary package that installs adware on the computers of users who are using Safari and Microsoft Edge / Internet Explorer.

According to SecureList, when the Firefox browser is used, the campaign sends users to a website displaying a fake Flash Update notice and then showing a Windows executable.

[Image: Video Player Face Alert. Source: SecureList]

The browser extension for Chrome is a downloader, which will download a file to your computer.

Here is how it looks:

[Image: Fake movie Alert. Source: SecureList]

The adware is installed from www.currentcleannew.com and is named “VideoPlayer,” which looks like a playable movie file that users are tempted to click.

The installation package is installed by default to the c:\%program files%\Fahi folder.

VirusTotal indicated that 26 of 64 antivirus solutions were detecting this malicious code at the time this article was posted.

[Image: VirusTotal results. Source: VirusTotal]

That’s all the information we currently have on this.

Until then, we firmly recommend being careful while navigating online. Once again: please don’t click on suspicious links, and remember to install all the latest updates for any software/apps you may be using. Add to that a robust security tool that can block such malicious domains and you’ll make your online life a lot safer.

 
