How to get malware off facebook update
The Chrome Extension is a Downloader, which means that it downloads a file to your computer. At the time of writing, the file which should have been downloaded was not available. One interesting finding is that the Chrome Extension has log files from the developers displaying usernames. It is unclear if this is related to the campaign, but it is still an amusing piece of information.

When using the OSX Safari browser I ended up on a similar website to the one I was directed to when using Firefox, but it was customized for OSX users. It was a fake update for Flash Media Player, and when I clicked the link an OSX executable.
How to get malware off facebook download
When using the Google Chrome browser I was redirected to a website which mimics the layout of YouTube, even including the YouTube logo. The website then displays a fake error message tricking the user into downloading a malicious Google Chrome extension from the Google Web Store.
How to get malware off facebook windows
The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. It may be from stolen credentials, hijacked browsers or clickjacking. At the moment we are not sure because this research is still ongoing.

The message uses traditional social engineering to trick the user into clicking the link. The message reads “David Video” and then a bit.ly link. The document has already taken a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie.

When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information. Depending on their operating system they are directed to other websites.

This technique is not new and has a lot of names. I would like to describe it as a domain chain, basically just A LOT of websites on different domains redirecting the user depending on some characteristics. It might be your language, geo location, browser information, operating system, installed plugins and cookies. By doing this, it basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links. We all know that clicking on unknown links is not something that’s recommended, but through this technique they can basically force you to do so.

What I noticed during my research was that when changing the User-Agent header (browser information) the malware redirects you to different landing pages. For example, when using FIREFOX I was redirected to a website displaying a fake Flash Update notice, and then offered a Windows executable.
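
The domain chain and the User-Agent-dependent landing pages described above leave a recognizable pattern in web proxy logs. The following detection sketch is an added example, not code from the original research; the record layout, the reserved `.example` hostnames and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy records: (client, browser family, URL, Location header or None)
LOG = [
    ("10.0.0.5", "Firefox", "http://short.example/abc", "http://hop1.example/r?id=1"),
    ("10.0.0.5", "Firefox", "http://hop1.example/r?id=1", "http://hop2.example/t"),
    ("10.0.0.5", "Firefox", "http://hop2.example/t", "http://flash-update.example/win"),
    ("10.0.0.5", "Firefox", "http://flash-update.example/win", None),
    ("10.0.0.9", "Chrome", "http://short.example/abc", "http://hop1.example/r?id=1"),
    ("10.0.0.9", "Chrome", "http://hop1.example/r?id=1", "http://hop3.example/t"),
    ("10.0.0.9", "Chrome", "http://hop3.example/t", "http://video-page.example/watch"),
    ("10.0.0.9", "Chrome", "http://video-page.example/watch", None),
    ("10.0.0.7", "Firefox", "http://intranet.example/", "http://intranet.example/login"),
    ("10.0.0.7", "Firefox", "http://intranet.example/login", None),
]

def host(url):
    return urlsplit(url).hostname

def build_chains(log):
    """Follow Location headers per (client, browser) and return (browser, [urls])."""
    hops_by_key = defaultdict(dict)
    for client, ua, url, loc in log:
        if loc:  # only redirect responses link two URLs together
            hops_by_key[(client, ua)][url] = loc
    chains = []
    for (_, ua), hops in hops_by_key.items():
        targets = set(hops.values())
        for start in (u for u in hops if u not in targets):  # chain heads only
            chain, seen = [start], {start}
            while chain[-1] in hops and hops[chain[-1]] not in seen:  # stop on loops
                chain.append(hops[chain[-1]])
                seen.add(chain[-1])
            chains.append((ua, chain))
    return chains

def flag_domain_chains(chains, min_hosts=3):
    """Chains that cross at least min_hosts distinct hostnames (threshold is an assumption)."""
    return [(ua, c) for ua, c in chains if len({host(u) for u in c}) >= min_hosts]

def landing_by_user_agent(chains):
    """Entry URLs whose final hostname differs between browser families."""
    out = defaultdict(dict)
    for ua, c in chains:
        out[c[0]][ua] = host(c[-1])
    return {start: m for start, m in out.items() if len(set(m.values())) > 1}
```

Hostnames are compared as-is; grouping by registered domain would need a public-suffix list, which this sketch leaves out.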
One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks.

Here is a screenshot of the JavaScript, a potential injector.