Hackers now are using Facebook Messenger for spreading malicious links to its users, IBTimes reports. The basic aim of hackers is to trick the victims into downloading various forms of adware. This has become possible for hackers due to stolen passwords, hijacked web browsers, and with another unique technique known as click jacking.
According to a cyber-security expert, this malware has found its way through Facebook Messenger. By using tons of domains to prevent tracking and earn clicks, it serves multi-platform malware. In order to trick users into clicking a link, the Facebook message uses typical social engineering tactics. For the purpose, a message is sent with victim’s name along with a shocked emoji and a shortened link to a blurred out video.
This link upon analysis was pointed towards a Dynamic Google Doc landing page which has been framed to look like a playable movie. A user is redirected to a slew of websites by the malware upon clicking the link. It’s them when a computer’s operating system and internet browser is analyzed. With the help of this trick, a user’s browser is moved through a set of websites, uses tracking cookies, monitors the activity, and displays certain ads for clicking. The website that a user is redirected depends upon which browser is being used. The website was made similar to YouTube on Google Chrome browser. A fake error message was used to urge user for downloading the mischievous extension.
“This was spreading via Facebook Messenger, serving multi-platform malware/adware, using tons of domains to prevent tracking, and earn clicks. The code is advanced and obfuscated,” said David Jacoby, an expert at cybersecurity firm Kaspersky Lab (24 August).
People behind the malware are making a lot of money advertising and gaining access to numerous Facebook accounts, therefore, it is strictly recommended not make click unknown links.