Fake Messages Rigged With Malware Are Spreading Via Facebook Messenger (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Fake Messages Rigged With Malware Are Spreading Via Facebook Messenger (bleepingcomputer.com)

Posted by BeauHD on Thursday August 24, 2017 @02:05PM from the spam-campaign dept.

According to recent warnings issued by Avira, CSIS Security Group, and Kaspersky Lab, a virulent spam campaign has hit Facebook Messenger during the past few days. "The Facebook spam messages contain a link to what appears to be a video," reports Bleeping Computer. "The messages arrive from one of the user's friends, suggesting that person's account was also compromised." From the report: The format of the spam message is the user's first name, the word video, and a bit.ly or t.cn short-link. Users that click on the links are redirected to different pages based on their geographical location and the type of browser and operating system they use. It's been reported that Firefox users on Windows and Mac are being redirected to a page offering a fake Flash Player installer. Kaspersky says this file installs adware on users' PCs. On Chrome, the spam campaign redirects users to a fake YouTube page pushing a malicious extension. It is believed that crooks use this Chrome extension to push adware and collect credentials for new Facebook accounts, which they later use to push the spam messages to new users.

44 comments

Min score:

Reason:

Sort:

Wearing protection. by Anonymous Coward · 2017-08-24 14:12 · Score: 0

Just makes browsing under a VM look better and better.
Praise be to Allah by Anonymous Coward · 2017-08-24 14:12 · Score: 0

I though this would be another Elon Musk article.
Not Suprising by Anonymous Coward · 2017-08-24 14:14 · Score: 0

Facebook is not real.
Mark Zuckerberg, ... well ... there is little verifiable evidence admissible in court that he is ... a human being ... let alone ... a ... man.
Ha ha
Just say no to FaceBook. by toonces33 · 2017-08-24 14:17 · Score: 1

Well I don't have a FB account, so it doesn't matter to me.
1. Re:Just say no to FaceBook. by Anonymous Coward · 2017-08-24 14:26 · Score: 0
  
  thn how u tlk to ppl bro????????
2. Re:Just say no to FaceBook. by Anonymous Coward · 2017-08-24 14:45 · Score: 0
  
  I don't talk to people, and people don't talk to me.
3. Re:Just say no to FaceBook. by Anonymous Coward · 2017-08-24 15:01 · Score: 0
  
  Even if you not use FaceBook you probably have a shadow account:
  https://www.groovypost.com/news/facebook-shadow-accounts-non-users/
  https://www.digitaltrends.com/social-media/what-exactly-is-a-facebook-shadow-profile/
  https://www.securemac.com/checklist/shadow-profiles-social-media
4. Re: Just say no to FaceBook. by Anonymous Coward · 2017-08-24 15:26 · Score: 0
  
  Ok but how am I going to see a link to click and infect myself if I don't ever go to FB?
5. Re:Just say no to FaceBook. by Anonymous Coward · 2017-08-24 15:42 · Score: 0
  
  thn how u tlk to ppl bro????????
  Speaking with people like you is a waste of time. That's why we don't have Facebook accounts because Facebook is full of dingbats like you.
6. Re: Just say no to FaceBook. by Anonymous Coward · 2017-08-24 15:44 · Score: 0
  
  They will use your eula and your "miss-click" from a smartphone to automate your spyware installation via a link sent via an already infected but somewhat trusted source...
7. Re:Just say no to FaceBook. by Anonymous Coward · 2017-08-24 16:09 · Score: 0
  
  The sarcasm detector is weak with this one.
8. Re:Just say no to FaceBook. by Anonymous Coward · 2017-08-24 20:58 · Score: 1
  
  "I was only pretending to be retarded" - AC
9. Re:Just say no to FaceBook. by Zedrick · 2017-08-24 22:53 · Score: 1
  
  "The joke went over my head so now I have to pretend it's the previous AC that's retarded" - AC2
10. Re:Just say no to FaceBook. by Anonymous Coward · 2017-08-25 01:28 · Score: 0
  
  Well I don't have a FB account, so it doesn't matter to me.
  Wow, it took zero time before the first "I don't use FB!" post. Tell us, do you also not have a television? We're dying to know.
11. Re:Just say no to FaceBook. by Anonymous Coward · 2017-08-25 04:50 · Score: 0
  
  Calling everything viruses and malware just seems stupid. This absolutely 100% seems like it should be called a worm.
Good by Anonymous Coward · 2017-08-24 14:42 · Score: 0

I was wondering why I haven't seen any malware for years. Apparently they have malware on social media now. Which is absolutely fantastic for me since I never use social media.
1. Re:Good by Anonymous Coward · 2017-08-24 14:55 · Score: 0
  
  That was our goal. Put the rubes into a large box, full of internet malware, and see what happens. Basically most of them never noticed.
  I would take credit, but Zuck may be monitoring this. His wrath is swift and painful.
2. Re:Good by Anonymous Coward · 2017-08-24 15:55 · Score: 0
  
  That's a cool poster on the wall behind your desk.
Fake Presidents are spreading their ass on twitter by Anonymous Coward · 2017-08-24 15:08 · Score: 0

And nobody complains! He's making America so fucking GREAT! Lol
Deja vu by Tablizer · 2017-08-24 15:28 · Score: 2

Fake messages from bad hombres discovered by Russians? Where have I heard that before?

--
Table-ized A.I.
browser discrimination by KiloByte · 2017-08-24 15:37 · Score: 2

So Firefox users on Windows and Mac get something, so do those on Chrome... but, what can I get on eLinks on arm64 Linux?

--
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
1. Re:browser discrimination by Anonymous Coward · 2017-08-24 19:03 · Score: 0
  
  You get redirected to a Russian mail-order bride website, because in that case you DEFINITELY need to get laid.
2. Re:browser discrimination by Anonymous Coward · 2017-08-24 20:31 · Score: 0
  
  So Firefox users on Windows and Mac get something, so do those on Chrome... but, what can I get on eLinks on arm64 Linux?
  http://goatse.ch/
3. Re:browser discrimination by schleimkeim · 2017-08-24 22:47 · Score: 1
  
  someone made a .ch domain with goatse? god bless whoever did this.
4. Re:browser discrimination by Anonymous Coward · 2017-08-25 05:05 · Score: 0
  
  So Firefox users on Windows and Mac get something, so do those on Chrome... but, what can I get on eLinks on arm64 Linux?
  No images.
Yahoo by Anonymous Coward · 2017-08-24 18:52 · Score: 0

Did it! /General Disarray
Water is wet, sun is bright, Pope is Catholic by Anonymous Coward · 2017-08-24 20:24 · Score: 2, Interesting

Users that click on the links being the key phrase here.
Guns are always loaded, shortened URLS always lead to malware. Especially when they don't. If you post a shortened URL, you should be permanently banned and flagged as a spammer. If you click on a shortened URL, you are a fucking idiot. There is no legitimate reason to use shortened URL services. No exceptions. Your one edge case is objectively wrong and it makes you a shill for malware venders.
People being idiots is not news. Death to bit.ly and all URL shorteners.
1. Re:Water is wet, sun is bright, Pope is Catholic by Anonymous Coward · 2017-08-25 04:52 · Score: 0
  
  Users that click on the links being the key phrase here.
  Guns are always loaded, shortened URLS always lead to malware. Especially when they don't. If you post a shortened URL, you should be permanently banned and flagged as a spammer. If you click on a shortened URL, you are a fucking idiot. There is no legitimate reason to use shortened URL services. No exceptions. Your one edge case is objectively wrong and it makes you a shill for malware venders.
  People being idiots is not news. Death to bit.ly and all URL shorteners.
  That's dumb and paranoid. What about Twitter and it's 140 character limit? What about text messages, etc? I'm ITSec and your opinion is just stupid.
2. Re:Water is wet, sun is bright, Pope is Catholic by Anonymous Coward · 2017-08-25 05:47 · Score: 0
  
  That's dumb and paranoid. What about Twitter and it's 140 character limit? What about text messages, etc? I'm ITSec and your opinion is just stupid.
  Scary that you are even 5 feet away from ITSec.
  See, the Adults know that if you don't DO certain things, then there are no resulting actions that can do things to you (your family, your computer, etc).
  The best security is knowing what is not secure, and avoiding it if possible.
  When you grow up you will find out that things like software-based firewalls are not a solution to everything.
  Real security means you still have to think, and you have to know what is truly secure or not.
How is this new? by Anonymous Coward · 2017-08-24 20:29 · Score: 0

Things like this aren't new. They've been going around for years.
In the days of windows/msn/microsoft messenger there was the "Is this you?" thing.
I'm sure it would have been there in the days of IRC too.
"It's been reported that Firefox users on Win... by Anonymous Coward · 2017-08-24 20:43 · Score: 0

...dows and Mac are being redirected to a page offering a fake Flash Player installer. "
Oh, Heavens to Betsy!
A _fake_ Flash Player installer! Who would ever think of doing such a dastardly thing!
I happily never frequent such places where things like this may be commonplace.
Places like Face.bork.bork.bork
And neither should you.
Right from the link by n329619 · 2017-08-24 20:54 · Score: 1

a bit.ly or t.cn short-link
is the starting sign to be cautious. Without know the actual web link, it is very likely for it to redirect right into a virus / zero-day exploit. All it takes is a single click.
If the user really needed the content from the link, they should use a VM or something. Otherwise, they should expect their pc to be trashed with malware upon clicking.
1. Re:Right from the link by Anonymous Coward · 2017-08-24 22:17 · Score: 0
  
  If it's behind a shortened URL, you don't need it.
Why do people still fall for this shit?! by wardrich86 · 2017-08-25 00:20 · Score: 1

Seriously... the internet has pretty much existed in the general public for a good 21+ years now. These shitty tricks haven't changed since they started, and yet, morons still fall for them. I'm at the point now where if an adult falls for this shit, they deserve to be compromised. And if a kid downloads it, I'd certainly hope their parents are smart enough to teach them not to fall for that shit ever again. I'm not even going to let my kids touch social networking and IM until they're old enough to understand some basics of the internet and computing.
1. Re:Why do people still fall for this shit?! by poofmeisterp · 2017-08-25 05:13 · Score: 1
  
  "Because... The picture or video looks different every time... and that's confusing and misleading! It's not fair that I can't see that picture or video because I wanted to see it so badly. Now I really want to see it but the ads won't get out of the way!"
  Note quotes. Face-Desk.
Fake? by IRGlover · 2017-08-25 01:23 · Score: 1

Wait, so if they are fake messages then they aren't actually messages so this is a purely theoretical issue, right? I know that "Fake" is the latest buzzword for anything that you think is a bad thing, but these are real messages. They are just spam, and we've had those for decades. Likewise they aren't "Rigged with Malware", they link to a page that contains malware for people to download.
The clickbait-style titles manufactured by editors aren't doing the site any favours as they are just lowering the (already pretty low) quality of posts even further.
1. Re:Fake? by gnick · 2017-08-25 01:42 · Score: 1
  
  The messages are real. The sources are fake.
  
  --
  He's getting rather old, but he's a good mouse.
2. Re:Fake? by poofmeisterp · 2017-08-25 05:19 · Score: 1
  
  The messages are real. The sources are fake.
  You're dead-on. Unfortunately, in 21st-century English lingo, you have to insert the word "like" in it somewhere, and pretty much follow the path of logic from top to bottom, refining the sentence with each iterate cycle until the end sentence is, "Everything is, like, SO FAKE!"
  I believe that is the correct vernacular. At least under the age of 29, and under the IQ of 100. Numbers are variable. Mileage may vary. [insert legal lingo here]
  Yep. That's 21st century. Or wait, am I supposed to be silent? Geez, like, I have so much trouble, like, keeping track of this shit, ya?!
In other news... by Chmarr · 2017-08-25 02:35 · Score: 1

... fake news articles rigged with believable but totally wrong information are spreading via justabouteverythingontheinternet.
Go a head... by MerlTurkin · 2017-08-25 05:08 · Score: 1

Keep using Facebook you dopes!
1. Re:Go a head... by poofmeisterp · 2017-08-25 05:20 · Score: 1
  
  Keep using Facebook you dopes!
  How were people distracted from Facebook to here, anyway? Wait, they weren't!
  *snort* Sorry, I had to.
You can tell browser not to follow redirection by KWTm · 2017-08-25 08:29 · Score: 1

For those people who need to click on the link, for whatever reason (e.g. it's on an email from a potential employer), there's still a way to know where it leads, right? You can tell Firefox (or whatever browsers) not to follow "redirect" instructions until it asks you. Or am I missing something here?

--
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
You social media users NEED to see... apk by Anonymous Coward · 2017-08-25 09:14 · Score: 0

You social media users NEED to see the NETFLIX show "Black Mirror" episode titled "Nosedive" - it's why I couldn't stand corporate america (which thank God I got away from after decades there with the "plastic worms" that infest it) OR 'social media'...
APK
P.S.=> Seriously... apk