Despite the apparent break from international ransomware attacks, hackers are still keeping themselves busy, this time using an adware campaign that could easily be one of their most cunning tricks yet. If you use Facebook Messenger, you need to read this.
What is it?
Little is known about the adware itself or those behind it, but it was uncovered by David Jacoby, senior security researcher at Kaspersky Lab, when he received a Facebook message from one of his friends, only to find out that wasn’t the case.
Basically, the adware uses Facebook Messenger to track your browser activity and pushes you to click on malicious ads or give out personal information.
How does it work?
By clickjacking and hijacking credentials of Facebook users, the adware is able to send messages to people in the victim’s contact list. If you’re one of those people, you’ll receive a phony message from your friend’s compromised Facebook account.
The message includes your friend’s name followed by the word “Video,” a shocked face emoji, and a shortened URL. Once clicked, the URL will redirect you to a Google Doc with a blurred photo taken from your friend’s Facebook page, disguised as a video. If you click on the “video”, you’ll be redirected to one of a number of targeted websites based on your browser, operating system, and location.
For instance, if you use Google Chrome, you’ll be sent to a website that looks exactly like YouTube, complete with the official logo. The hoax website will show you a fake error message to trick you into downloading a malicious Chrome extension.
If you’re on Firefox, you’ll be sent to a site with a false Flash Player update notice and a Windows adware executable; the same goes with OS X except the adware is hidden in a .dmg file.
The goal here is to move your browser through a set of websites so tracking cookies can monitor your activity and display malicious ads or you can be “social engineered” to give up confidential information.
How do you avoid falling victim?
Facebook has rolled out a number of automated systems to stop harmful links and files. What’s more, they will provide you with a free antivirus scan if they suspect that your account has been compromised by adware.
Still, you should be very skeptical about any shortened URL links sent to you by your Facebook friends, no matter how long you’ve been friends.
Due to their low key nature as potential security endpoints, cyber criminals are turning to social media platforms as their new medium of choice. To keep your business safe, you need to stay up-to-date and educate your employees. If you have any other questions about social media and how it can impact your business, just give us a call.