Eko Malware Targeting Facebook and its Messenger Users

This Eko malware somehow lands onto the private conversations of Facebook users that they have started using Facebook Messenger and appears to be sent by their network contacts. These PMs have certain characteristics that are as follows:

* These messages contain the profile picture or any other picture of the recipient

* The message displays the name of the recipient along with the term Video

* The link to a fake YouTube video is also embedded in the message that reads “xic.graphics” and it appears right under the recipient’s image

Must Read: Learn How to Enable Encryption on Facebook Messenger

Screenshot from a victim’s Facebook account / Source: Malwarebytes

Also Read: Hacking Facebook Account by Simply Knowing Account Phone Number

According to Malwarebytes, from the outlook, the message seems like a video link sent by some Facebook friend to the recipient and apparently, the video is about the receiver as well. When this kind of a message lands in the messenger’s inbox, the recipient naturally thinks that it is from a friend and clicks on the link. Soon after, the user receives a notification requesting for installation of Chrome browser’s extension. In reality, this is not an extension but the Eko malware. It is not necessary that it only works on Chrome, but may affect other browsers as well.

When the recipient installs the extension, unwanted ads start popping up frequently. But that’s not the only feat Eko malware can accomplish. According to security researchers, Eko has the ability to spy on users, steal personal details such as phone numbers and bank account details and also sends out similar messages to other Facebook contacts of the affected user.

Also Read: Facebook ‘Comment Tagging Malware’ Spreading via Google Chrome

This malware is currently the center of attraction of French media as well as other online platforms because it has been specifically affecting Facebook users in France. There are currently no reports about Eko affecting users outside France or anywhere else around the world. Reportedly, Facebook users in France have faced troubles due to this malware for weeks and still, they are becoming victimized by the atrocities of this latest Trojan.

This isn’t the first time that Facebook’s services have been affected by Trojans and scams. In fact, Facebook scams have always been around especially those that make use videos and fake URLs. The reason why Facebook is at the receiving end of countless scams is that it is highly popular among internet users worldwide. Therefore, scammers find it easy to target users in bulk by starting a Facebook-oriented scam campaign. Such as the Hot Video scam that dropped Trojans and infected the computers of users, Hungry Bear Tears Woman to Pieces video scam and fake YouTube video of “Alton Towers” crash are some recent video-based Facebook scams.

Related: Hacker Shows How to Hack Any Facebook Page; Earns $16k as Bug Bounty

Facebook is trying to mitigate this latest scam and the Interior Ministry in France has also issued a warning about Eko and asked Facebook users to be alert. Those users who have been affected by Eko malware need to uninstall the extension and change their login credentials on Facebook, email, and other accounts.

Related Posts