Researchers at Kaspersky Lab, the cyber security and antivirus provider, have uncovered a new type of malware with “advanced and obfuscated code,” spreading through Facebook Messenger. Facebook’s instant messaging service recorded over 1.2 billion monthly active users back in April, and the lighter version of the app, Messenger Lite, has now been downloaded 50 million times.
According to Kaspersky, the initial spreading mechanism of the malware seems to stem from Facebook Messenger, but how it spreads via the service is still unknown. “It may be from stolen credentials, hijacked browsers or clickjacking. At the moment we are not sure because this research is still ongoing,” Kaspersky writes in a press release.
Further, security researchers at the company discovered that the malware-spreading messages are titled ‘David Video,’ which baits users into clicking a bit.ly link. When unsuspecting users click on the fake playable video, the malware redirects them to a set of websites that “enumerate their browser, operating system and other vital information. Depending on their operating system they are directed to other websites.”
Kaspersky further explains that the malware relies on social engineering for infection, inviting users to click on a link that points to a Google Doc landing page with a picture taken from their Facebook page. The dynamic landing page looks like a playable movie. The adware uses the common “domain chain” technique, redirecting and tracking users through malicious websites depending on characteristics such as language, geolocation, operating system, browser information, installed plugins and cookies.
Users of different browsers are redirected to different websites showing fake messages and notifications disguised as installable updates of popular applications or extensions. Clicking on them downloads adware to the victim’s device. The company says that while no trojans or exploits are being downloaded to users’ devices through the Facebook Messenger malware, the people behind it are most likely making a lot of money through unsolicited advertising and getting access to many Facebook accounts.
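For defenders, the chain described above (shortened link, landing page, several redirecting sites, then a fake "update" download) can be hunted for in web proxy logs. The following is an added example, not code from Kaspersky or from the original article; the log record layout, the host names, the file suffixes and the threshold are all assumptions chosen for illustration.

```python
from urllib.parse import urlparse

SHORTENERS = {"bit.ly"}                                # assumed list; extend as needed
DOWNLOAD_SUFFIXES = (".exe", ".dmg", ".crx", ".xpi")   # assumed fake-update payload types
MIN_HOSTS = 3                                          # assumed threshold for a domain chain

# Constructed proxy records: (client, url, referer, Location header on a 3xx)
SAMPLE_LOG = [
    ("10.0.0.5", "https://bit.ly/CONSTRUCTED", None, "https://docs.google.com/document/d/CONSTRUCTED"),
    ("10.0.0.5", "https://docs.google.com/document/d/CONSTRUCTED", None, None),
    ("10.0.0.9", "https://bit.ly/OTHER", None, "https://news.example/article"),
    ("10.0.0.5", "https://hop1.example/r?os=win&br=chrome",
     "https://docs.google.com/document/d/CONSTRUCTED", "https://hop2.example/landing"),
    ("10.0.0.5", "https://hop2.example/landing", None, None),
    ("10.0.0.9", "https://news.example/article", None, None),
    ("10.0.0.5", "https://hop2.example/player_update.exe", "https://hop2.example/landing", None),
]

def host(url):
    return (urlparse(url).hostname or "").lower()

def build_chains(log):
    """Group each client's requests into chains that begin at a URL shortener."""
    open_chain, chains = {}, []
    for client, url, referer, location in log:
        chain = open_chain.get(client)
        if host(url) in SHORTENERS:
            # A shortener click starts a new chain for this client.
            chain = open_chain[client] = []
            chains.append(chain)
        elif chain is None or not (url == chain[-1][2] or referer == chain[-1][0]):
            # Not linked to the previous hop by Location or Referer: chain ends.
            open_chain.pop(client, None)
            continue
        chain.append((url, referer, location))
    return chains

def suspicious(chain):
    """Many distinct hosts after a shortener, ending in an installable file."""
    hosts = {host(url) for url, _, _ in chain}
    final_path = urlparse(chain[-1][0]).path.lower()
    return len(hosts) >= MIN_HOSTS and final_path.endswith(DOWNLOAD_SUFFIXES)

def flagged_chains(log):
    return [[url for url, _, _ in c] for c in build_chains(log) if suspicious(c)]

if __name__ == "__main__":
    for urls in flagged_chains(SAMPLE_LOG):
        print(" -> ".join(urls))
```

Against real logs the records must be sorted by time per client, and the threshold and suffix list need tuning to the environment's normal traffic.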
Users are advised not to click on unknown messages or suspicious links on Messenger.