Security companies have warned that new multi-platform malware and adware is spreading through Facebook Messenger.
David Jacoby at Kaspersky Lab said he received a strange message on Facebook from a person he rarely speaks to.
“After analysing the message, I understood that I was just peeking at the top of this iceberg,” said Jacoby.
“This malware was spreading via Facebook Messenger, serving multi-platform malware and adware, using tons of domains to prevent tracking, and earning clicks. The code is advanced and obfuscated.”
The spreading mechanism appears to be Facebook Messenger, but how it spreads is unknown. “It may be from stolen credentials, hijacked browsers, or clickjacking. At the moment, we are not sure.”
The message reads, for example, “Peter Video”, followed by a bit.ly link that hides the true URL.
The link points to a Google doc. The document has already taken a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie.
When the victim clicks on the fake movie, the malware redirects them to a set of websites which enumerate their browser and operating system.
Depending on their OS, they are directed to other websites.
“This technique is not new. I would describe it as a domain chain – just a lot of websites on different domains redirecting the user depending on some characteristics.”
“We know that clicking on unknown links is not recommended, but through this technique they basically force you to do so.”
Jacoby said the adware campaign is quite unique as it uses Google Docs, with customized landing pages, along with Facebook.
“Please make sure you don’t click on these links, and update your antivirus,” said Jacoby.
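One way a defender could spot the domain chain described above in web proxy logs, as an added example that is not from Kaspersky's analysis or the original article: it links each client's requests by redirect Location or Referer and flags chains that start at a shortener, pass through a Google Docs host, and cross several domains. The log layout, the `docs.google.com` host, the `.example` hostnames and the `MIN_DOMAINS` threshold are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly"}          # shortener named in the article
DOC_HOSTS = {"docs.google.com"}  # assumed host for the Google doc step
MIN_DOMAINS = 4                  # assumed threshold, tune per environment

# Constructed sample proxy records: (client, url, referer, redirect Location)
SAMPLE_LOG = [
    ("10.0.0.5", "https://bit.ly/EXAMPLE", "", "https://docs.google.com/document/d/EXAMPLE"),
    ("10.0.0.5", "https://docs.google.com/document/d/EXAMPLE", "", ""),
    ("10.0.0.5", "http://hop1.example/v", "https://docs.google.com/document/d/EXAMPLE",
     "http://hop2.example/os?p=mac"),
    ("10.0.0.5", "http://hop2.example/os?p=mac", "", "http://hop3.example/landing"),
    ("10.0.0.5", "http://hop3.example/landing", "", ""),
    ("10.0.0.9", "https://bit.ly/OTHER", "", "https://news.example/story"),
    ("10.0.0.9", "https://news.example/story", "", ""),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def build_chains(records):
    """Link a client's requests when one follows a Location header or a Referer."""
    chains = []
    for client, url, referer, location in records:
        for c in chains:
            follows_redirect = url == c["expect"]
            follows_click = bool(referer) and referer == c["urls"][-1]
            if c["client"] == client and (follows_redirect or follows_click):
                c["urls"].append(url)
                c["expect"] = location
                break
        else:  # no existing chain matched: this request starts a new one
            chains.append({"client": client, "urls": [url], "expect": location})
    return chains

def suspicious_chains(records):
    """Return (client, ordered distinct hosts) for shortener -> doc -> many-domain chains."""
    flagged = []
    for c in build_chains(records):
        hosts = [host(u) for u in c["urls"]]
        distinct = list(dict.fromkeys(hosts))  # de-duplicate, keep hop order
        if (hosts[0] in SHORTENERS and any(h in DOC_HOSTS for h in hosts[1:])
                and len(distinct) >= MIN_DOMAINS):
            flagged.append((c["client"], distinct))
    return flagged
```

Hosts are compared as full hostnames rather than registrable domains, so several subdomains of one site would count as separate hops.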
What to watch out for
An example of the malware message is below.