subscribe: Daily Newsletter

 

Another Facebook scam rears its head

0 comments

Just days have passed since ESET warned users worldwide about an active Ray-Ban scam campaign on Facebook, which tricks users into sending their payment card details to the attackers – and now it is warning about yet another malicious activity targeting the world’s largest social network.
This time, malicious links are disguised as a post on a Timeline users were tagged in, or as a message sent to them via Messenger by a friend.
Using one of the titles “My first video”, “My video”, “Private video” or a string of randomly generated characters, it tags various people from victim’s friend list and lures them into clicking on it.
If an unsuspecting user falls for the scam, the post redirects him/her to a fake YouTube website.
After what pretends to be an unsuccessful attempt to load the content, he/she is requested to install an additional extension using the following message:
Sorry, if you don’t install Video Play plugin, you will not be able to watch the video!
Click ‘Add Extension’ to watch the Video
If the victim installs the malicious plug-in, his/her browser becomes infected and carries the infiltration further. The users Facebook wall becomes flooded with fake video posts tagging multiple friends from the victim’s friend list and subsequently, all online friends will receive an identical message via Messenger with the same harmful contents.
ESET identifies this threat as JS/Kilim.SO and JS/Kilim.RG.
Currently, the infiltration only targets Chrome users, but there is no guarantee that it will not spread to other browsers in the future.

How to get rid of it?
* Immediately remove “Make a GIF” extension from your Chrome browser. Either type “chrome://extensions/” into the address bar or go to Customize and control Google Chrome -> More tools -> Extensions -> Make a GIF -> Remove from Chrome …
* Scan your computer with a reliable antivirus software. If you don’t have any security software installed on your PC.
The malicious campaign is currently spreading spam messages and infecting Facebook accounts with a very high rate of success.