Skip to main content
  1. Home
  2. Computing
  3. Social Media
  4. Web
  5. News

Vulnerability in Facebook's messaging enabled hackers to insert malicious items

Add as a preferred source on Google

Check Point Software Technologies said on Tuesday that it discovered a vulnerability in the Facebook Messenger app and Facebook Online Chat that could potentially allow a hacker to change the conversation thread. While that doesn’t seem all that alarming at first glance (as compared to hacking an account and grabbing credit card details), the hacker could inject links into the conversation, sending recipients to a malicious website. Malicious videos and photos could be added too.

But there are even bigger risks. The company points out that hackers could manipulate a victim’s message history in a fraud campaign to show that the individual reached a “falsified” agreement. Hackers can also alter important messages in a Facebook chat that could cause legal issues, making the victim look guilty in a potential crime even though he or she is innocent.

Recommended Videos

“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realizing. What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” said Oded Vanunu, head of products vulnerability research at Check Point.

According to the company, researcher Roman Zaikin found the vulnerability. He discovered that messages sent and received in both chat applications have their own identifier “message_id” parameter. The hacker can get this information by sending a request to a specific Facebook address, and once it’s obtained, the hacker can alter the content of the attached message and send it to Facebook’s servers. Thus, users have no idea their messages were altered.

As an example of an attack, the hacker could send a legitimate message to a potential victim. Once the message is received, the hacker can then alter that message to include a malicious link or file. In the video demo shown above, viewers can clearly see Zaikin controlling the entire Facebook chat, texting that cybercriminals can send malicious content through the vulnerability and fully control the conversation. The infection points can be adjusted “seamlessly,” he writes, and the message remotely deleted from the Facebook account to cover the hacker’s tracks.

“Usually, ransomware campaigns last only several days because the infected links and the C&C addresses become known, and blocked by security vendors, forcing the attacker to shut down his activity and begin again from scratch,” the company wrote in a recent blog post. “However, with this vulnerability, the hacker could implement automation techniques to continually outsmart security measures when the command & control servers are replaced.”

While the report sounds a bit scary knowing that Facebook users could potentially send malware to friends unintentionally, the good news here is that Facebook immediately fixed the vulnerability after it was contacted by Check Point. Still, it’s only a matter of time before another vulnerability is found and Facebook users will have to worry about what they send and receive in chat conversations through the social network. Until then, Facebook members can chat to their heart’s content!

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Microsoft wants Windows 11 and your phone to become best friends
Microsoft's latest plans reportedly focus on making the PC and smartphone experience feel seamless.
Windows 11 PC with Android Phone

For years, Phone Link has felt like that one app everyone knows exists but rarely remembers to open. Microsoft apparently wants to change that. According to a report from Windows Central, the company is working on a major overhaul of how smartphones integrate with Windows 11, making phones feel like a native part of the operating system instead of something users access through a separate app.

Phone Link is coming out of hiding

Read more
What are Copilot+ PCs? Everything you need to know
Copilot

Walk through a laptop aisle in 2026 and the Copilot+ PC branding is highlight for most Windows laptops. From Microsoft's own surface to other PC makers like Samsung, HP, and Dell, you can find notebooks that carry this badge to convey that they are AI-ready. At a glance, the name sounds like it refers to a computer with a better version of the Copilot chatbot, which only explains a small part of it.

A Copilot+ PC is a Windows 11 computer that meets Microsoft’s hardware standard for advanced on-device AI features like a compatible processor with a dedicated NPU. You also need a certain amount of RAM and storage, all of which brings access to Windows features such as Recall, Click to Do, and much more. Many of these experiences use the NPU to process information locally, reducing their reliance on cloud servers and helping them run more efficiently in the background.

Read more
ASUS expands its ProArt lineup with a compact keyboard and a smart creator mouse
The new ProArt KD300 and MD301 are designed to make life easier for designers, editors, and creators.
ASUS ProArt Keyboard KD300 and ProArt Mouse MD301

Creators have long had plenty of powerful laptops and monitors to choose from. Keyboards and mice? Not so much. ASUS is looking to change that with the expansion of its ProArt accessory lineup. Leading the announcement is the new ProArt Keyboard KD300, a compact low-profile keyboard that's designed to work alongside the ProArt Mouse MD301, giving creators a matching desktop setup built specifically for productivity instead of gaming.

A compact keyboard that doesn't sacrifice functionality

Read more