Security researchers David Jacoby from Kaspersky Labs and Frans Rosén from Detectify have uncovered a Multi Platform Facebook malware that was used by hackers to install adware on user devices.
Hackers used the Multi Platform Facebook malware to send malicious links to Facebook users and mask adware as Chrome extensions.
Even though Facebook has been working a lot lately to plug malware injections through its apps, hackers are still able to use some obsolete Facebook features and phishing techniques to install malware and other spying tools on user devices.
As security researchers David Jacoby and Frans Rosén have analysed and confirmed, hackers are using malicious video links to convince users to click on them and install adware in their devices. The initial tactic is to send a video link to a Facebook user on the Messenger app from a friend’s hacked profile, considering that users are more inclined to click on links that are shared by the people they know.
Once a user clicks on the link, he is redirected to a Google Drive page with a play button on it and a picture of the sender. Once he clicks on the ‘play’ button, the user is then redirected to another page that resembles YouTube and asks the user to install a Chrome extension to view the video.
If a user is using another browser, he is asked to install an Adobe Flash Player update instead. Both Chrome extensions and Flash updates are in fact cleverly disguised malicious links which if clicked, start downloading and installing adware on user devices.
“The attack relied heavily on realistic social interactions, dynamic user content and legit domains as middle steps. The core infection point of the spreading mechanism above was the installation of a Chrome Extension. Be careful when you allow extensions to control your browser interactions and also make sure you know exactly what extensions you are running in your browser,” writes Jacoby in his blog post on the malware infection.
The Multi Platform Facebook malware thus downloaded then proceeds to monitor the user’s browsing activity and also steals his Facebook login credentials to use his account to infect those who are on his friends list. The more users click on such malicious links and open their devices to malware, the more the infection spreads to new devices and countries.
“To stay safe and not fall victim to similar malicious campaigns, avoid installing browser extensions without absolute confidence that they are safe, that they will not steal your data, and that they won’t track your online activities,” says Kaspersky Labs.
“Also, clicking every link, even links that seem to be from someone you know, is out of the question. It is always a good idea to make sure that it is really your friend on the other end of the line, not some criminal who took control of your friend’s account,” the firm adds.
Hackers have also been using Facebook memes and questions to keep track of users’ activities and to gain more information about them. A number of security experts are now suggesting that users refrain from participating in such public memes and questions so as to protect their identities.
“I typically advise people not to answer those questions. It’s not worth it,” says Tom Gorup, director of security operations for Rook Security to USA Today. He believes answering personal questions on Facebook may lead hackers to gain valuable information about users, which they can use to hack into their online accounts.
The first concert one visited is a common security question used by banks and e-mail vendors to protect accounts, and divulging them on Facebook isn’t a very bright idea.