Facebook Messenger: a new phishing campaign in progress


Security: The attack vector is not original but the pirates have made sure to target their victims well. That end up with an adware malware.

Once again, the popular Facebook Messenger is used as a vector to broadcast an attack. The Kaspersky editor warns users of the application, whether they are Windows, MacOS or Linux.



No revolution in the method used but a targeting rather well done, warns the Russian publisher. The user receives a message from a known user inviting him to click on a link to watch a video “using stolen IDs, hacking browsers or bypassing clicks,” Kaspersky explains. By clicking, the victim is returned to a Google Docs page containing a fake media player. By wanting to play the video, the user is then directed to another site that will prompt him to install software to play the famous video. It’s rude but it goes, especially since according to its environment, the campaign is able to adapt: ​​false update Flash, false extension Chrome … “When the victim clicks on the false video , Malware redirects to a range of sites that list their browser, operating system and other vital information. “According to their OS, they are redirected to other websites,” says David Jacoby of Kaspersky.

If the user agrees to install this real-fake software, his machine will be infected by an adware malware. Consequently, the consequences are not dramatic (at least for the time being), but the ability of the campaign to adapt to the target environment and to spread within the address book is rather well done. Security editor. “As people spend more time on social networking sites, hackers are looking for a way to get into these platforms. Cybercriminals understand that these sites are usually white-listed, and for this reason they Are continuously looking for new techniques to exploit social networks for malicious purposes, “commented Oding Vanunu, a researcher at Check Point, at the end of 2016, on the occasion of a previous attack using an image this time.

In October 2016, the Ecko virus was raging on Messenger. Here again the approach was classic: you receive on video instantly a video allegedly sent by a contact. For more efficiency, the video (xic.graphics) was presented with a picture of your profile and was named “your first name Video” in order to make you click. By clicking on the link, the user was referred to a fake YouTube page, he was then asked to download an extension to read the file (again, classic approach). This is when the Eko virus penetrated your computer. But the consequences were much more severe since it allowed remote access to your data, especially in order to carry out phishing campaigns or to spread again through Facebook via account hacking.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s