You might use Facebook to keep in touch with friends and family, or perhaps for a bit of after-hours banter with your co-workers. It’s not uncommon to follow your favorite bands, TV shows, or even childhood toys on Facebook, but it’s not the safest environment online.
With privacy issues, stalking, controversies with censorship and so-called “hate speech” (and how such a description can be safely applied), Facebook is far from the cozy online home its owners would have you believe. And then there’s malware…
Facebook malware is nothing new, but in the summer of 2017 we discovered that a new variant is out there, targeting users via Facebook Messenger and prompting them to install adware and Trojans. How can you spot this malware, and check if you’ve been infected?
Cross-Platform Malware: The Cost-Effective Attack
In the old days, you could be pretty confident that any malware attack would be aimed at Windows PCs. Online security became such a problem for Microsoft that Windows Defender was bundled with Windows 7 and later.
These days, Windows is still the main target for scammers and hackers. But they’re more proactive in aiming their cynicism at Linux and macOS users. For just a little more effort, a single attack vector can be adapted to draw in users on other systems — perhaps even mobile browsers.
It’s fair to say that traditional malware cannot work in this way. Worms are almost unheard of on Linux and macOS, for instance. But times are changing. Why maliciously destroy someone’s data if there’s no profit in it?
Malware developers have their eye on the ball, and on their bank balances. They need a profitable result. As a result, we’re now in the age of the cross-platform malware attack.
Malware Tailored to YOU
Perhaps the most widely-known examples of cross-platform malware can be found inhabiting Facebook. While the site itself doesn’t serve any malicious code (beyond stripping you of your privacy), Facebook apps, websites, and plugins are capable of forwarding you to unpleasant locations.
When it comes to Facebook Messenger malware, a rather ingenious piece of social engineering is used. First of all, your name is used. Second, your browser and operating system are instantly detected. Finally, you’re coerced into downloading the malicious software.
This might be simple adware, or it could be a Trojan… or both. Either way, this malware banks on the faith and trust you have in Facebook, and subverts this to turn you into a victim.
How to Spot the Facebook Messenger Malware
Once you know what the malware message looks like, you’ll be able to stop it.
And yes, it really is as simple as that. Your name, the word “Video,” followed by an emoji. Topping it off comes the link. The idea is that you’re tempted by a surprising or shocking video.
The scam has already used your name, based on your Facebook account. By using your name, the automated software controlling the scam instantly builds a connection with you. After you click on the link, to a Google Docs file, something interesting happens.
Here you’ll find an intentionally-blurred photo pulled from your Facebook account, presented to look like a video. Clicking on this image, however, doesn’t launch a video. Instead, your User Agent data is detected, and you’re sent to a web page and prompted to download software to “fix” the problem.
The User Agent is the clever part here. By relying on this data (your browser and operating system, essentially), the scammers can send you to a relevant website.
Firefox browser users will see a fake Flash update notification, which prompts you to install a malicious executable. Using Google Chrome? Here, you’ll see a fake YouTube site, with a fake error message to trick you into installing a malicious Chrome extension. MacOS users on Safari, meanwhile, are prompted to download a malicious DMG file.
There are some permutations. For instance, while Windows Firefox users get the EXE file, Linux users will be prompted to install a PPA (an unofficial software repository, often useful, but occasionally dangerous).
So what happens when you’re infected? In short, you’ll receive adverts where you’re not expecting them, with all proceeds going to the scammers. There is also a likelihood that a Trojan is installed, perhaps a keylogger, or a remote control tool for linking your system to a botnet.
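The message format described above (your name, the word “Video,” an emoji, then a link) is regular enough to check for automatically. The following is an added example, not part of the original article: the function names, the four-word cut-off for a “terse” message, and the sample messages are all assumptions made for illustration.

```python
import re
import unicodedata

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
WORD_RE = re.compile(r"[^\W\d_]+")   # runs of letters, Unicode-aware
MAX_WORDS = 4                        # assumed cut-off for a "terse" message
ALL_TRAITS = ["recipient_name", "video_keyword", "emoji", "link", "short_text"]


def lure_indicators(message, recipient_first_name):
    """Return which traits of the described lure appear in a message."""
    text = URL_RE.sub(" ", message)  # judge the wording without the link
    words = [w.casefold() for w in WORD_RE.findall(text)]
    checks = {
        "recipient_name": recipient_first_name.casefold() in words,
        "video_keyword": "video" in words,
        # Heuristic: emoji fall in Unicode category "So" (Symbol, other).
        "emoji": any(unicodedata.category(ch) == "So" for ch in text),
        "link": URL_RE.search(message) is not None,
        "short_text": len(words) <= MAX_WORDS,
    }
    return [trait for trait in ALL_TRAITS if checks[trait]]


def looks_like_lure(message, recipient_first_name):
    """True only when every trait of the described lure is present."""
    return lure_indicators(message, recipient_first_name) == ALL_TRAITS


# Constructed sample messages (not real traffic); example.test is a placeholder.
SAMPLES = [
    "Alex Video \U0001F631 https://example.test/abc",
    "Hey Alex, here is the video from Saturday's match, thought you'd "
    "like it \U0001F642 https://example.test/clip",
    "Lunch tomorrow?",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(looks_like_lure(msg, "Alex"), lure_indicators(msg, "Alex"))
```

A genuine message from a friend can share several of these traits, so a match is a reason to verify with the sender before clicking, not proof of infection.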
Removing the Facebook Messenger Malware
If you’ve been unfortunate enough to click the links in the Facebook Messenger malware messages, dealing with the problem is, thankfully, relatively simple.
If you’re using Chrome, you can reset the browser, disabling all installed extensions. Do this by opening the menu and clicking Settings > Advanced > Reset, then confirm your choice in the box.
This option will work regardless of what operating system you’re using.
Run Antivirus Software
Whether you’re running Chrome, Firefox or Safari, you should scan your computer for malware. Your usual antivirus software should be adequate here, but if not, you’ll find something suitable in our list of the best security tools.
The aim here is to scan your computer for adware, Trojans, and other malware that might have been installed via the Facebook Messenger con. Don’t overlook this step, as it is vitally important that you remove what has been installed on your computer.
Check Facebook Apps and Websites
The final step is to deal with Facebook. The risk from apps and websites linked to your account is real, so it makes sense to remove those you no longer wish to be associated with. At the very least, this will help you to focus your Facebook activities to topics you’re interested in.
Open the Facebook menu, then find Settings > Apps. Here, you’ll find apps and websites that you can Remove. Old websites you might have visited, old apps from mobile devices and platforms you no longer use — these are all potential attack vectors for scammers.
Check each in turn, discarding those that no longer hold importance or relevance. If you see any you don’t recall, check them out with a quick web search, and remove them if appropriate.
Don’t Click on Strange Links!
If you’re still using Facebook, and its associated messenger, you are opening yourself up to all manner of socially engineered attacks. At the very least, you should be keeping your account closed to strangers, offering status updates to only friends, and regularly checking what mobile, desktop, and browser apps have access to your profile.
Have you been affected by the Facebook Messenger malware attack? What operating system and browser were you using? Was the adware successfully removed, and did your antivirus software find any Trojans? Tell us in the comments.