Attackers have taken to Facebook Messenger with a combination of social engineering and malicious JavaScript to spread adware, something that’s likely earning them a small chunk of change in the process. The attacks were uncovered earlier this week by David Jacoby, a senior security researcher with Kaspersky Lab’s Global Research & Analysis Team, who received a suspicious Facebook message from a contact and analysed its contents. He said he believes the attack is part of a greater campaign on the social media platform.
The adware campaign is tricking victims into installing malware, using a web page tailored to their browser.
These malicious links are sent by unknown cybercriminals. They arrive from friends' accounts, which makes them look genuine. These accounts have already been compromised as a result of stolen credentials, hijacked browsers, or clickjacking.
- Browser hijacking – software installed on your computer that alters the standard functionality of your web browser, works without your permission, and is difficult to remove.
- Clickjacking – a malicious technique that deceives web users into clicking on something different from what they think they are clicking, so that they may reveal confidential information or lose control of their computer while clicking on seemingly harmless websites.
“This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks. The code is advanced and obfuscated,” wrote Jacoby in a blog post.
The message reads “David Video” and is followed by a bit.ly link. Clicking on the link takes you to a Google Docs page containing a screenshot photo of that Facebook friend, made to look like a playable movie.
When you try to click on the fake playable movie, the malware redirects you to a set of websites that differs depending on the browser you use.
“By doing this, it basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links,” wrote Jacoby.
The attack is fairly simple. Because the user knows the person they’re receiving the message from, they are likely to trust what is being sent, and so click on what appear to be links to videos, memes, and other content.