It has been reported that 10,000 Facebook users were tricked into installing malware this week, an infection that spread quickly by mimicking Facebook’s notifications feature inside Facebook Messenger. It just might be the most successful malware bot on Facebook’s Messenger platform yet.
Victims received a message “from a friend,” which stated that the friend mentioned them on Facebook. Clicking the link didn’t take users to a Facebook post, however, but instead installing a trojan complete with a Chrome extension that automatically hijacked the victim’s Facebook account. From there, the malware spread to more users.
“A successful attack gave the threat actor the ability to change privacy settings, extract data, and more, allowing it to spread the infection through the victim’s Facebook friends or undertake other malicious activity such as spam, identity theft, and generating fraudulent ‘likes’ and ‘shares,’” said a Kaspersky release on the malware. The malware would also blacklist the URLs for anti-virus software, making it harder to remove.
It seems as though only Windows desktop users were vulnerable to the infection, Kaspersky is reporting, though it’s possible the malware could spread on Windows phones. Android and iOS are immune. Infections occurred mostly in Brazil, Poland, Peru, Colombia, Mexico, Ecuador, Greece, Portugal, Tunisia, Venezuela, Germany, and Israel, according to Kaspersky.
“Two aspects of this attack stand out,” said Ido Naor, senior Security researcher at Kaspersky Lab. “Firstly, the delivery of the malware was extremely efficient, reaching thousands of users in only 48 hours. Secondly, the response from consumers and the media was almost as fast. Their reaction raised awareness of the campaign and drove prompt action and investigation by the providers concerned.”
Facebook has taken steps to slow the malware’s spread, and Google has removed the offending Chrome extension from the Chrome Web Store. So the malware should be slowed, for now, but if you’re worried about your computer be sure to run a malware scan today.
- Cryptocurrency mining bot spreading via Facebook Messenger in Chrome for desktop
- Facebook’s fake-news flag no longer flies as related articles take over
- Facebook says job ads that target by age aren’t (necessarily) discriminatory
- HTC Vive owners can now get social with Oculus Rift friends in Facebook Spaces
- Facebook apologizes after report shows inconsistencies in removing hate speech