Short Bytes: The researchers at Kaspersky Labs have uncovered a new Facebook Messenger malware. The malware fools people into clicking on malicious links and attempts to download adware. This campaign is targeting Windows, macOS, and Linux users–so, don’t click on any suspicious links sent by your friends. The researchers are still studying the attack and the actual working mechanism remains unknown.
The ill-famed cyber criminals are known for trying out new attack vectors to attack and surprise the unsuspecting internet users. These days, they are using Facebook Messenger as a means of fooling the users into visiting fake versions of popular websites. It’s becoming a lucrative means of spreading a malware via Facebook is easy; you act as a honey pot when your friends click on malicious links.
The most recent threat uncovered by the security researchers at Kaspersky is a multi-platform malware that uses lots of domains to block tracking and complete its job of making people click on the links.
While the malware initially spreads via Messenger, the actual mechanism of spreading is still unknown as the research is ongoing. However, it’s evident that the malware uses the popular social engineering technique. You might receive a message that reads “<your name> Video,” accompanied by a bit(dot)ly link.
Once you’ll click the Messenger Malware link, you’ll be taken to a Google Doc page. The new page will already have your picture, which is taken from your Facebook, making you less suspecting. The landing page will look like a playable movie. In case you end up clicking on the fake movie, you’ll be redirected to different websites which gather information regarding your OS, browser, etc.
You might argue that such attacks aren’t new. But, what sets this Messenger malware apart is its ability to offer different landing pages by changing the User-Agent header. It’s called a domain chain.
For example, if you’ll use Firefox, you’ll be taken to a page displaying Fake Flash update notice and different Windows executables, which are basically adware. In case of Chrome, you’ll be taken to a fake YouTube page with a popup for downloading a malicious extension.
As this malware is cross-platform, it affects MacOS Safari and attempts to download adware. Linux is also affected, according to The Hacker News.
The simplest way to defeat such Messenger Malware attacks is to avoid clicking on random and shady links. Keep your security solution updates and make your friends/family aware of such attacks.
