With cyber attacks on the rise in this digital era, the latest app to be abused for spreading malware and adware links is Facebook Messenger.
According to a security researcher, cyber criminals are now using the Facebook Messenger app to spread adware by sending malicious links to users and then redirecting them to fake versions of popular websites, thereby generating ad clicks and revenue at the same time.
David Jacoby, a Senior Security Researcher at Kaspersky Lab, said, "This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks. The code is advanced and obfuscated."
It seems that the malicious links are being sent from Messenger accounts that have been compromised through stolen credentials, hijacked browsers, or other means. The malicious link arrives from one of your friends' accounts on Messenger, which lends it an appearance of legitimacy.
And it is almost impossible to simply ignore that message, given that it comes from a known user. Users readily trust what is being sent and go on to click the links to videos, memes, and other content.
In this case, the user is sent a message composed of their name followed by the word 'Video', a shocked emoji face, and a shortened URL. As it happened, the security researcher received a message that read "David Video", followed by a bit.ly link.
When the link was clicked, it led to a Google Doc with a blurred photo taken from the victim's Facebook page, made to look like a playable movie. When the victim clicks the fake playable movie, the malware redirects them to a set of websites that differ based on the browser they use, their location, and other things.
"By doing this, it basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links," said Jacoby.
For instance, Firefox users are redirected to a website displaying a fake Flash Update notice, and the website then attempts to install adware.
Google Chrome users are redirected to a website that looks like a YouTube page, complete with the official YouTube logo. It then shows a fake error that tricks the victim into downloading a malicious Google Chrome extension from the Google Web Store. Safari users are redirected to a similar page customised for macOS, which offers the download of a .dmg file that is again adware.
Currently, not much is known about the campaign or the attackers behind it. They are carrying out this adware attack because the massive number of Facebook Messenger users makes for an extremely large target.
"The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts," said Jacoby.
Amid all this, the one thing we can suggest to stay safe is to be very careful about shortened URL links that your Facebook friends send you. Be a little skeptical and avoid clicking on random shortened links on Facebook Messenger as much as possible.
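The lure described above (recipient's name, the word "Video", a shortened URL) is regular enough to screen for. The following is an added example, not code from Kaspersky Lab or Facebook; the function names, the shortener list beyond bit.ly, and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: the article names only bit.ly; the other hosts are widely used
# shorteners added for illustration.
SHORTENER_HOSTS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}

# Optional scheme, a dotted hostname, and an optional path.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(/\S*)?", re.I)


def shortened_links(text):
    """Return every link in text whose host is a known URL shortener."""
    hits = []
    for match in URL_RE.finditer(text):
        host = match.group(1).lower()
        if host.startswith("www."):
            host = host[4:]
        # Require a path: a bare "bit.ly" mention is not a short link.
        if host in SHORTENER_HOSTS and match.group(2) not in (None, "/"):
            hits.append(match.group(0))
    return hits


def assess_message(text, recipient_first_name):
    """Score a message against the '<name> Video' + short-link lure."""
    name_video = re.search(
        rf"\b{re.escape(recipient_first_name)}\s+video\b", text, re.I
    )
    links = shortened_links(text)
    return {
        "name_video": bool(name_video),
        "short_links": links,
        "lure": bool(name_video) and bool(links),
    }


# Constructed sample messages, not captured traffic.
SAMPLES = [
    "David Video \U0001F631 https://bit.ly/EXAMPLE1",
    "Hey David, video call at 5?",
    "Slides are at bit.ly/EXAMPLE2",
    "David Video notes: https://example.com/notes",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess_message(sample, "David"), "<-", sample)
```

Only the first sample trips both signals; a shortened link on its own is reported in `short_links` without being labelled a lure, so a reviewer can still expand it before opening it.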
In light of this event, a Facebook spokesperson told ZDNet, "We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook. If we suspect your computer is infected with malware, we will provide you with a free antivirus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help."