According to the cybersecurity provider, a malware with advanced and obscure code is spreading through Facebook Messenger and infecting victims with adware. The malware uses Facebook Messenger and customised Google Doc landing pages to do so.
Researchers at Kaspersky Lab, have uncovered a new type of malware with an “advanced and obfuscated code,” spreading through Facebook Messenger. Facebook’s instant messaging service recorded over 1.2 billion monthly active users back in April and the lighter version of the app, Messenger Lite, has now been downloaded 50 million times.
According to Kaspersky, the initial spreading mechanism of the malware seems to stem from Facebook Messenger, but how it spreads via the service is still unknown. “It may be from stolen credentials, hijacked browsers or click jacking. At the moment we are not sure because this research is still ongoing,” Kaspersky writes in a press release.
The message uses traditional social engineering to trick the user into clicking the link. The message reads “Jackson Video” and then a bit.ly link.
The link points to a Google doc. The document has already taken a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie.
When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information. Depending on their operating system they are directed to other websites.
Users are advised not to click on unknown messages or suspicious links on Messenger.