Just Say NO to Facebook Messenger Malware
Fly fishermen are always tying new flies, refining the tricks they play on trout and other piscean species. Likewise, phisher-men in the digital waters constantly try new ways to get you to bite on their hook, which is baited with malware. Recently, researchers at Kaspersky Lab reported a fancy new “fly” involving Facebook’s Messenger, the bigger, better messaging app that Facebook is pushing to replace that awful, tiny, temperamental chat box. Read on to see how Messenger has been used to deceive users into clicking links that lead to loss...
How Does the Messenger Scam Work?
Before we begin, let me underscore that Facebook Messenger is not malware (at least not in the commonly-accepted definition of the word). It's a tool that clever hackers have found a way to exploit for evil. The same thing can be said of your favorite messaging app, email program, web browser, or word processor. But today, we're focusing on a nasty trick played on Messenger users. Here's what you need to know:
First, you receive a Messenger message from a Facebook friend. You “know” it’s your friend by his profile picture in the message, right? Wrong. That’s an image that anyone can download and use for any purpose, including nefarious ones.
Lulled by your friend’s face, you obligingly click on the link right underneath the message, which is short and to the point: “
Click on that “video” link while using Chrome and you will be whisked away to Google Drive. There you will see something like a YouTube video page complete with a control panel, a “Play” button, and in the background the comforting photo of your pal. What could go wrong?
First, no YouTube page will ever ask your permission to install a browser extension, as this fake does. If you fall for that trick by agreeing to the “extension’s” installation, you are, in fact as well as effect, telling Windows’ security to “go ahead and run this unknown program from an unknown source.” What happens next?
The unleashed malware instantly sends Messenger messages to all of your friends; they are exactly the same as the phish that you received, only with your profile photo instead of your friend’s. The vicious cycle of infection and re-infection continues.
Users of other browsers are told they need to update Adobe Flash Player instead of a browser extension. That malware turns out to be adware designed to generate profits for the hackers. But that’s not all the damage this one little “video” link does!
A Bit of Background Geekery
For Chrome users, the fake extension begins to monitor all of the sites they visit. When a victim visits Facebook and logs in, the extension steals those credentials and Facebook’s “access token” that gives apps temporary access to Facebook’s API (Application Programming Interface). These precious bits of data are sent back to the hackers. Let’s see how they are used.
Have you ever seen a warning that an app wants permission to “access your contacts?” That’s what this malware is after with its FQL queries. It then quickly chooses 50 of your contacts at random from among those presently online, and sends that one-word bait, “video,” plus the link that starts the unholy chain of events all over again.
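An added example, not from the original article or from Kaspersky's report: a Python check that reads the contents of a Chrome extension's manifest.json and flags the broad access an extension needs in order to watch every site you visit, Facebook's login page included. The three manifests are constructed samples, and the flagging rules are an assumed heuristic for a quick self-audit.

```python
# Match patterns that grant access to every site (Chrome manifest syntax).
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that let an extension observe browsing or read session data.
SENSITIVE_APIS = {"tabs", "webRequest", "webNavigation", "cookies", "history"}


def host_patterns(manifest):
    """Collect every host match pattern the manifest requests (MV2 and MV3)."""
    patterns = set(manifest.get("host_permissions", []))  # Manifest V3 key
    # Manifest V2 mixes host patterns into the "permissions" list.
    patterns |= {p for p in manifest.get("permissions", [])
                 if "://" in p or p == "<all_urls>"}
    for script in manifest.get("content_scripts", []):
        patterns |= set(script.get("matches", []))
    return patterns


def audit_manifest(manifest):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    hosts = host_patterns(manifest)
    apis = SENSITIVE_APIS & set(manifest.get("permissions", []))
    if hosts & ALL_SITES:
        findings.append("can read and change data on every site visited")
    if any("facebook.com" in h for h in hosts):  # substring check, heuristic
        findings.append("has explicit access to facebook.com pages")
    if apis and hosts:
        findings.append("combines site access with APIs: " + ", ".join(sorted(apis)))
    if any(set(s.get("matches", [])) & ALL_SITES
           for s in manifest.get("content_scripts", [])):
        findings.append("injects a script into every page, including login forms")
    return findings


# Constructed sample manifests (not taken from any real extension).
FAKE_VIDEO = {"manifest_version": 2, "name": "Video helper (constructed)",
              "permissions": ["tabs", "webRequest", "<all_urls>"],
              "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}
FB_ONLY = {"manifest_version": 3, "name": "Social helper (constructed)",
           "permissions": ["cookies"],
           "host_permissions": ["https://*.facebook.com/*"]}
BENIGN = {"manifest_version": 3, "name": "Notes (constructed)",
          "permissions": ["storage"],
          "host_permissions": ["https://example.org/*"]}

if __name__ == "__main__":
    for m in (FAKE_VIDEO, FB_ONLY, BENIGN):
        print(m["name"], "->", audit_manifest(m) or "nothing flagged")
```

To audit a real browser profile, load each installed extension's manifest.json with json.load and pass the resulting dict to audit_manifest. A finding is a prompt to ask whether you recognise and still need the extension, since plenty of legitimate extensions also request broad access.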
Eternal Vigilance, Blah, Blah, Blah
Several teams of security researchers from all over the world joined together to stop this threat. But another like it will arise - many others, now that the modus operandi has been published. The next one may use bait more sophisticated than the word “video…” which, unless you have very taciturn friends, is a telltale sign that something is amiss.
The moral: Be careful on Messenger, in your email inbox, and any other place where you are tempted to click a link before engaging your brain. No anti-virus software can protect from all known threats, especially the rapidly-evolving types of malware more common today. As I've said before, a simple phone call (or text message) to the alleged sender of a questionable link can confirm if it's bogus or benign.
This article was posted by Bob Rankin on 21 Feb 2018
Copyright © 2005 - Bob Rankin - All Rights Reserved