Malware is spreading via Facebook Messenger as part of an attack campaign designed to infect users with multi-platform digital threats.

In early August, Kaspersky Lab senior security researcher David Jacoby received a curious message via Facebook’s messenger service. The message originated from one of his friends with whom he rarely speaks on the social networking platform. It consisted of only three parts: the recipient’s first name, the word “Video,” and a bit.ly link.
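A message filter could flag the three-part structure described above. The following is an added example, not code from Kaspersky Lab or the original article; the function names, the shortener domains other than bit.ly, and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# bit.ly is the shortener named in the article; the others are assumed additions.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample messages (not taken from the campaign).
CONSTRUCTED_MESSAGES = [
    "David Video http://bit.ly/EXAMPLE",
    "Hey David, here's the video from the talk: https://www.youtube.com/watch?v=EXAMPLE",
    "Slides are at https://bit.ly/EXAMPLE",
]


def lure_indicators(message: str, recipient_first_name: str) -> list:
    """Return which parts of the three-part lure are present in a message."""
    hits = []
    urls = URL_RE.findall(message)
    hosts = {(urlsplit(u).hostname or "").lower() for u in urls}
    if hosts & SHORTENERS:
        hits.append("shortened_link")
    # Words left once the links are removed (punctuation and digits are ignored).
    words = [w.lower() for w in re.findall(r"[^\W\d_]+", URL_RE.sub(" ", message))]
    name_words = recipient_first_name.lower().split()
    if "video" in words:
        hits.append("video_keyword")
    if name_words and all(n in words for n in name_words):
        hits.append("recipient_name")
    # The lure carries nothing else: one link and no surrounding sentence.
    if len(urls) == 1 and set(words) <= set(name_words) | {"video"}:
        hits.append("no_other_text")
    return hits


def is_probable_lure(message: str, recipient_first_name: str) -> bool:
    """True only when all three parts appear and nothing else surrounds them."""
    return len(lure_indicators(message, recipient_first_name)) == 4


if __name__ == "__main__":
    for msg in CONSTRUCTED_MESSAGES:
        print(is_probable_lure(msg, "David"), lure_indicators(msg, "David"), msg)
```

Requiring all four indicators keeps ordinary messages that merely mention a video or contain a shortened link from being flagged.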
The Google Doc disguised as a playable movie. (Source: Securelist)

For instance, the malware redirects Google Chrome users on any operating system to what appears to be a YouTube video. The website displays a message saying the video won’t play because the user lacks a “codec extension.” It then prompts the user to install the extension, which is in actuality a downloader.

As of this writing, no file came with the fake extension, but that might not be the case days or weeks from now. Attackers could easily leverage the downloader to infect unsuspecting users with malware.

Meanwhile, if it detects an OSX user browsing the web via Safari, the malware redirects them to a fake website containing a Flash Media Player installation prompt. Clicking the “Install” button downloads an OSX .dmg executable. In reality, this file is adware.
Fake Flash Media Player installation prompt for macOS Safari users. (Source: Securelist)

This malware isn’t the first digital threat to abuse Facebook Messenger for distribution, and it certainly won’t be the last. With that said, users should protect themselves by exercising caution around suspicious links, especially those that are shortened. They should also familiarize themselves with some of the most common Facebook scams so that they can enjoy the platform with a heightened sense of security awareness.