Security Social Media

How to Remove the Cross-Platform Facebook Messenger Malware

Christian Cawley 02-09-2017

You might use it to keep in touch with friends and family — perhaps a bit of after-hours banter with your co-workers. It’s not uncommon to follow your favorite bands, TV shows, or even childhood toys on Facebook, but it’s not the safest environment online.


With privacy issues Facebook Privacy: How the Fight Could Be Won in Belgium The privacy war against global social networking giant Facebook is slowly being won – in Europe, at least. Because Facebook has been given 48 hours to stop tracking non-users in Belgium... Read More , stalking 5 Life-Ruining Ways You Can Be Victimized Online The Internet is not as anonymous as you might think it is. If somebody wants to find out who you are and where you live, the tiniest bit of information can lead back to you... Read More , controversies with censorship Is Twitter's Trust & Safety Council a Front for Censorship? Twitter's formed its new Trust & Safety Council to create a friendly online environment. But does the overwhelmingly left-leaning Council membership indicate that the days of online discussion and meeting concensus are over? Read More and so-called “hate speech” (and how such a description can be safely applied), Facebook is far from the cozy online home its owners would have you believe. And then there’s malware…

Facebook malware How to Prevent & Remove Facebook Malware or Virus Facebook malware is a threat, but you don't have to worry about it if you follow this advice. Here's how to avoid the nasty side of Facebook. Read More is nothing new, but in the summer of 2017 we discovered that a new variant is out there, targeting users via Facebook Messenger and prompting them to install adware and Trojans. How can you spot this malware, and check if you’ve been infected?

Cross-Platform Malware: The Cost-Effective Attack

In the old days, you could be pretty confident that any malware attack would be aimed at Windows PCs. Online security became such a problem for Microsoft that Windows Defender Windows Defender: 7 Things You Must Know About Microsoft's Antivirus Solution Is Microsoft's built-in security good enough? Microsoft continuously improves its security tools. We'll show you the upsides and downsides of Windows Defender in Windows 8, Read More was bundled with Windows 7 and later.

facebook messenger malware alert
Image Credit: via Shutterstock

These days, Windows is still the main target for scammers and hackers. But they’re more proactive in aiming their cynicism at Linux and macOS users. For just a little more effort, a single attack vector can be adapted to draw in users on other systems — perhaps even mobile browsers.


It’s fair to say that traditional malware cannot work in this way. Worms are almost What Is The Difference Between A Worm, A Trojan & A Virus? [MakeUseOf Explains] Some people call any type of malicious software a "computer virus," but that isn't accurate. Viruses, worms, and trojans are different types of malicious software with different behaviors. In particular, they spread themselves in very... Read More unheard of on Linux and macOS, for instance. But times are changing. Why maliciously destroy someone’s data if there’s no profit in it?

Malware developers have their eye on the ball, and on their bank balances. They need a profitable result. As a result, we’re now in the age of the cross-platform malware attack.

Malware Tailored to YOU

Perhaps the most widely-known examples of cross-platform malware can be found inhabiting Facebook. While the site itself doesn’t serve any malicious code (beyond stripping you of your privacy), Facebook apps, websites, and plugins are capable of forwarding you to unpleasant locations.

When it comes to Facebook Messenger malware, a rather ingenious piece of social engineering is used. First of all, your name is used. Second, your browser and operating system are instantly detected. Finally, you’re coerced into downloading the malicious software.


This might be simple adware, or it could be a Trojan… or both. Either way, this malware banks on the faith and trust you have in Facebook, and subverts this to turn you into a victim.

How to Spot the Facebook Messenger Malware

Once you know what the malware message looks like, you’ll be able to stop it.

And yes, it really is as simple as that. Your name, the word “Video,” followed by an emoji. Topping it off comes the link. The idea is that you’re tempted by a surprising or shocking video.


The scam has already used your name, based on your Facebook account. By using your name, the automated software controlling the scam instantly builds a connection with you. After you click on the link, to a Google Docs file, something interesting happens.

Here you’ll find an intentionally-blurred photo pulled from your Facebook account, presented to look like a video. Clicking on this image, however, doesn’t launch a video. Instead, your User Agent data is detected How to Change Your Browser's User Agent and Trick Websites Here's how to change your user agent string (so your browser can pretend to be something else) and why it can be useful. Read More , and you’re sent to a web page and prompted to download software to “fix” the problem.

The User Agent is the clever part here. By relying on this data (your browser and operating system, essentially), the scammers can send you to a relevant website.

Which Website?

Firefox browser users will see a fake Flash update notification, which prompts you to install a malicious executable. Using Google Chrome? Here, you’ll see a fake YouTube site, with a fake error message to trick you into installing a malicious Chrome extension. MacOS users on Safari, meanwhile, are prompted to download a malicious DMG file.


There are some permutations. For instance, while Windows Firefox users get the EXE file, Linux users will be prompted to install a PPA (an unofficial software repository, often useful, but occasionally dangerous Linux PPAs: Installation, Removal, and Security PPAs -- personal package archives -- are a way to install Linux software via the Terminal. But are they safe to use? How can you remove a PPA? And which are the safest PPAs to... Read More ).

So what happens when you’re infected? In short, you’ll receive adverts where you’re not expecting them, with all proceeds going to the scammers. There is also a likelihood that a Trojan is installed, perhaps a keylogger, or a remote control tool for linking your system to a botnet.

Removing the Facebook Messenger Malware

If you’ve been unfortunate enough to click the links in the Facebook Messenger malware links, dealing with the problem is, thankfully, relatively simple.

Google Chrome

If you’re using Chrome, you can reset the browser, disabling all installed extensions. Do this by opening the menu, and clicking Settings > Advanced > Reset and confirm your choice in the box.

facebook messenger malware chrome

This option will work regardless of what operating system you’re using.

Run Antivirus Software

Whether you’re running Chrome, Firefox or Safari, you should scan your computer for malware. Your usual antivirus software should be adequate here, but if not, you’ll find something suitable in our list of the best security tools.

The aim here is to scan your computer for adware, Trojans, and other malware that might have been installed via the Facebook Messenger con. Don’t overlook this step, as it is vitally important that you remove what has been installed on your computer.

Check Facebook Apps and Websites

The final step is to deal with Facebook. The risk from apps and websites linked to your account is real, so it makes sense to remove those you no longer wish to be associated with. At the very least, this will help you to focus your Facebook activities Make Facebook Relevant Again With These Forgotten Tricks If your news feed is becoming cluttered with information you don't care about, you need to learn how to manage it better. Read More to topics you’re interested in.

facebook messenger malware app remove

Open the Facebook menu, then find Settings > Apps. Here, you’ll find apps and websites that you can Remove. Old websites you might have visited, old apps from mobile devices and platforms you no longer use — these are all potential attack vectors for scammers.

Check each in turn, discarding those that no longer hold importance or relevance. If you see any you don’t recall, check them out with a quick web search, and remove them if appropriate.

Don’t Click on Strange Links!

If you’re still using Facebook, and its associated messenger, you are opening yourself up to all manner of socially engineered attacks. At the very least, you should be keeping your account closed to strangers, offering status updates to only friends, and regularly checking what mobile, desktop, and browser apps have access to your profile.

Have you been affected by the Facebook Messenger malware attack? What operating system and browser where you using? Was the adware successfully removed, and did your antivirus software find any Trojans? Tell us in the comments.

Related topics: Anti-Malware, Facebook, Malware.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *