A Kaspersky Lab researcher has discovered new malware infecting victims through Facebook Messenger. However, the security firm has not been able to determine exactly how this malware/adware is spreading on Facebook Messenger.
According to a Kaspersky report, the malware could be spreading via “stolen credentials, hijacked browsers or click-jacking,” and the firm is still trying to confirm the exact method involved. So how does the adware spread? A message called “David Video” appears in the Messenger app, which has a bit.ly link. The report adds, “The malware relies on social engineering for infection, inviting users to click on a link that points to a Google doc.” This Google Doc has looks like a playable movie and even uses the profile picture of the victim to make it seem more convincing to the unsuspecting user who has clicked on the spam link.
After the user has clicked on the Google Doc movie, the malware redirects them to a set of websites which list out their browser, OS, etc. The Kaspersky blog post points out, the adware “basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links.” It also tricks users into adding extensions into their browser and this was noted in the case of Google Chrome.
The adware might not be linked to any Trojans or relying on exploits to put a user’s security at risk, but it is tracking users “via malicious websites based on criteria like “language, geo location, operating system, browser information, installed plugins and cookies, etc,” points out the security firm.
Kaspersky points out the people behind new adware scam are making money via “unsolicited advertising and getting access to many Facebook accounts.”