Facebook is one of the world's most popular social media platforms. Facebook Messenger lets Facebook users send messages to each other. Complementing regular conversations, Messenger lets users make voice calls and video calls, both in one-to-one interactions and in group conversations. Recently, a new technique was spotted spreading multi-architecture adware/malware across Facebook Messenger apps for the purpose of earning clicks.

A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. – David Jacoby

This Is How It Works

When you click on the link, you are redirected to a Google Doc with a dynamic landing page that looks like a playable movie.

When the play button is clicked, the victim is redirected through a set of websites that detect the OS type, browser and other personal details. Depending upon the data collected, the victim will be redirected to the websites

The code seems to be advanced and obfuscated, making it hard to know what's really going on.

Below is the screenshot of the JavaScript.

Behavior

It is said that each browser and each OS behaves differently under this attack. For example, when using Firefox, the victim is redirected to a page that forces the user to download an executable file.

When using Chrome, the browser lands on a malicious page that looks the same as a YouTube page and asks the victim to download a Google Chrome extension.

More information about this malware can be found here.
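
For defenders, the chain described above (a Google Docs lure, several redirect hops, then an executable or extension download) can be hunted for in web proxy logs. The following Python is an added example, not code from the original article; the log layout, thresholds, content types and all hostnames are constructed assumptions.

```python
from urllib.parse import urlparse

# Assumed thresholds and log layout; tune them for your own proxy.
WINDOW_SECONDS = 60          # how long after the lure a download is still attributed to it
MIN_HOP_DOMAINS = 2          # distinct non-lure domains seen, payload host included
LURE_HOST = "docs.google.com"
RISKY_TYPES = {"application/x-msdownload", "application/x-chrome-extension"}
RISKY_SUFFIXES = (".exe", ".msi", ".crx")

# Constructed sample (not real traffic): epoch, client, status, content-type, URL.
SAMPLE_LOG = """\
1000 10.0.0.5 200 text/html https://docs.google.com/document/d/EXAMPLE
1004 10.0.0.5 302 - http://hop1.example/r?id=1
1005 10.0.0.5 302 - http://hop2.example/go
1006 10.0.0.5 200 application/x-msdownload http://files.example/player.exe
2000 10.0.0.9 200 text/html https://docs.google.com/document/d/OTHER
2003 10.0.0.9 200 text/html https://www.example.org/article
2500 10.0.0.9 200 application/x-msdownload http://vendor.example/setup.exe
"""

def find_lure_chains(log_text):
    """Return (client, lure_url, payload_url, hop_domains) for each suspicious chain."""
    open_chains = {}   # client -> (start_ts, lure_url, ordered hop domains)
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, client, _status, ctype, url = parts
        ts = int(ts)
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if host == LURE_HOST:
            open_chains[client] = (ts, url, [])   # a new lure visit starts a chain
            continue
        chain = open_chains.get(client)
        if chain is None:
            continue
        start, lure_url, hops = chain
        if ts - start > WINDOW_SECONDS:
            del open_chains[client]   # too long after the lure to attribute
            continue
        if host not in hops:
            hops.append(host)
        risky = ctype in RISKY_TYPES or parsed.path.lower().endswith(RISKY_SUFFIXES)
        if risky and len(hops) >= MIN_HOP_DOMAINS:
            alerts.append((client, lure_url, url, list(hops)))
            del open_chains[client]
    return alerts
```

On the constructed sample, only client 10.0.0.5 is flagged; the second client's download happens long after its Google Docs visit and is ignored.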

How Not to Be a Victim?

This malware uses the old-fashioned social engineering method of getting the victim to click on a malicious link sent by a friend on Facebook. So never click on any suspicious links or thumbnails from anyone in Messenger without verifying. Always keep your firewall and anti-malware software up to date.
