It is not uncommon for users of any social media service to encounter malicious links at the hands of their contacts. There are so many vectors to attack that it is no wonder that so many accounts get hacked. This has been a constant issue especially on Facebook. I am not a huge fan of social media in general, but I do in fact have a Facebook to stay in touch with old friends. I cannot count how many times I have encountered hacked accounts sending me malicious links. These links are quite similar to the ones that security researchers have identified in a current adware campaign targeting Facebook Messenger.
In a report from researcher David Jacoby on Kasperksy Lab’s SecureList, Jacoby details a massive multiplatform assault on users of Messenger on Windows, Mac, and Linux. The attack begins with a social engineering attack in which a compromised account sends a message that looks like this:
While this is incredibly suspicious, clearly individuals are getting tricked into clicking as this attack is spreading rapidly. Upon clicking, a Google doc is opened that, according to Jacoby, takes “a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie.” The fake movie looks like the following image:
Should you click on the “movie,” instead of a film you will be redirected to numerous websites, what David Jacoby calls a “domain chain” determined by “your language, geo location, browser information, operating system, installed plugins and cookies.” This domain chain, resulting from installed adware, generates various ads that may trick you into clicking into more downloadable content. Their display on its own, however, on your browser is enough to generate revenue for the scammers behind this.
The investigation into this adware campaign is ongoing, namely into how it initially entered Facebook Messenger. Facebook has, in response, released a statement to the media on the issue:
We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help
The moral of the story is, even if you know the person on your Messenger list of contacts, do NOT click on sketchy links.