A virulent spam campaign has hit Facebook Messenger during the past few days, according to recent warnings issued by Avira, CSIS Security Group, and Kaspersky Lab.
The Facebook spam messages contain a link to what appears to be a video. The messages arrive from one of the user's friends, suggesting that person's account was also compromised.
The format of the spam message is the user's first name, the word video, and a bit.ly or t.cn short-link.
Users who click on the links are redirected to different pages based on their geographical location and the type of browser and operating system they use.
It's been reported that Firefox users on Windows and Mac are being redirected to a page offering a fake Flash Player installer. Kaspersky says this file installs adware on users' PCs.
On Chrome, the spam campaign redirects users to a fake YouTube page pushing a malicious extension. It is believed that crooks use this Chrome extension to push adware and to collect credentials for new Facebook accounts, which they later use to send the spam messages to new users, also via the same malicious Chrome extension.
my mom somehow keeps getting these weird, creepy malware chrome extensions that send spam on facebook pic.twitter.com/PzFvNMOT1C
— thick water (@aikii) August 24, 2017
Users who encounter this spam campaign should avoid clicking on the malicious links, and should also reach out to the person who sent the message and advise them to change their account credentials. Reporting the spam messages to Facebook is also recommended.
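The message format described above (first name, the word video, and a bit.ly or t.cn short-link) is regular enough to filter on. The following Python sketch is an added example, not code from the article or from the vendors it cites; the function names, the assumption that the first name is the recipient's, the six-token length cap, and the sample messages are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Short-link hosts named in the article.
SHORTENER_HOSTS = {"bit.ly", "t.cn"}

# A token that looks like a link, with or without a scheme.
URL_TOKEN = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}/\S+$", re.IGNORECASE)

# Assumption: the lure is a very short message, so cap the token count.
MAX_TOKENS = 6


def link_host(token):
    """Return the lowercase host of a URL-like token, or None."""
    if not URL_TOKEN.match(token):
        return None
    if "://" not in token:
        token = "http://" + token  # urlsplit only finds the host after a scheme
    host = urlsplit(token).hostname or ""
    return host[4:] if host.startswith("www.") else host


def matches_campaign(message, first_name):
    """True if message is: first name + the word 'video' + bit.ly/t.cn link."""
    tokens = message.split()
    words = {t.strip(".,:;!?").lower() for t in tokens}
    hosts = {link_host(t) for t in tokens}
    return (
        len(tokens) <= MAX_TOKENS
        and first_name.lower() in words
        and "video" in words
        # Exact host match, so bit.ly.example.com does not count as bit.ly.
        and bool(hosts & SHORTENER_HOSTS)
    )


# Constructed sample messages: (text, recipient first name, expected result).
SAMPLES = [
    ("Anna video bit.ly/2xExample", "Anna", True),
    ("anna Video: https://t.cn/RExample", "Anna", True),
    ("Anna video https://www.youtube.com/watch?v=abc", "Anna", False),
    ("Anna video bit.ly.example.com/x", "Anna", False),
    ("Hey Anna, the video from the weekend is at bit.ly/album", "Anna", False),
]

if __name__ == "__main__":
    for text, name, expected in SAMPLES:
        print(matches_campaign(text, name), expected, text)
```

A match is only a reason to treat the message as suspect and check with the sender; a friend can legitimately send a short message with a shortened video link.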
Comments
rhasce - 6 years ago
And how the hell is Facebook allowing these messages?
Anulled - 6 years ago
From what the article states, the extension messages on behalf of them.
I'm sure it isn't too hard to make some js that runs on facebook that messages contacts.
Occasional - 6 years ago
Are you really counting on Facebook, Microsoft, Google..., to make your web activity secure? Would be nice if they did/could - but you can help yourself by being more careful.
When you send emails, or messages, append something (like your nickname), to the subject. Also, be descriptive in your subject lines; and avoid using lines that too easily fit anyone (like "Check it out!", "The video/file/stuff... you asked for"). If you and your web buddies take a few seconds to show it probably did come from you, you're less likely to get spammed and scammed.
cjgiam - 6 years ago
I have been around & around with Facebook on other security issues. They couldn't care less!
All I ever get is pi*s-poor excuses, or they "see no violation of Facebook policy" even though there are undeniable hacks, and that's if they even answer at all.