Emma Watson Nude Video/Pictures Scam Delivers Malware, Hijacks Facebook Session

The Curious Case of Brit Celeb Emma Watson’s leaked Facebook Video –Users Helplessly Welcomed Trojans instead of her Nude Pictures

The scam of the month is here and the news is spreading like a wild bushfire. Scammers have now taken the liberty to cash-in on Emma’s humongous fan following and growing popularity by using her as a bait for spreading malicious malware on Facebook.

Bitdefender Labs revealed that a video promising sexy nude pictures of the gorgeous actress actually contained Trojans and sadly, users didn’t even get to see a glimpse of naked Emma.

Apparently, this new Facebook scam utilizes the same strategy like every other sex tape controversy we have observed prior to this as malware intensity was higher than the alleged nude photos. The timing of this scam is also crucial since it has appeared merely weeks after the hoax created by Rantic Marketing group which threatened Watson of leaking nude pictures in order to shut off the 4Chan forum.

See Also: Hackers threaten to leak nude photos of Emma Watson against gender equality speech at UN

The scam starts with a Facebook comment claiming to expose exclusive video containing her Watson’s nude photos. The comment can be seen in below gives screenshot was automatically by the users without their knowledge.


However, this new scam is much more than a marketing stunt. The video contained several damaging Trojans fully capable of hacking personal data like contact numbers, hijacking Facebook sessions and stealing tokens of legitimate apps. As if this wasn’t enough, the attackers have also subscribed the victims to more risky SMS scams.

See Also: Possible iCloud accounts hacking: Nude Photos of 98 Hollywood Celebrities leaked online

The attack initiates with a very alluring Facebook comment that promises never- seen-before video of Watson containing her nude pictures. As soon as the user clicks on this malicious link, redirection to an exciting YouTube fake account occurs and the victim is asked to update the current version of Flash players. The error message states:

“Our system detected that you are using an outdated Video Player version, in order to watch videos on Youtube please update to the latest secured version of Video Player by clicking ‘Upgrade Now’ button bellow,” the error message reads. “Once you download and install the update refresh the browser to watch the video.”

Thinking that the error may prevent him from watching the sexy video of Emma Watson, the victim immediately clicks and falls prey to the evil plans of cyber crooks.

See Also: Fake ‘Last Words of Celebrity’ Facebook Scam Installs Malware on PC

This comment gets automatically posted by affected users and as is the norm of Facebook scams, the victims become the marketers for these hackers. To make their story credible enough, “Guy Fawkes” mask was used at the fake YouTube account since the hacktivist groupAnonymous has often taken responsibility for numerous celeb video leaks.

Moreover, this malicious link redirects the victim to numerous IP-localized surveys, which also boosts the credibility level of this scam. Users can easily fill the survey in a language of their choice but soon after clicking the “Complete the Survey” tab, their phone numbers are sold on underground markets.


There are a number of risks associated with this malware attack. Apart from stealing contact numbers via premium SMS scams, it also alters your browser settings due to which users aren’t able to view their Facebook activity and settings as well as a list of extensions. It also snatches the anti-CSRF token, which is a common procedure of all Facebook scams. Cross-Site Request Forgery is a kind of attack which allows scammers to utilize a genuine session for performing illegitimate actions on user’s/victim’s behalf.

See Also: Do Not Click: Funny Facebook Video Scam Installs Malware and Steals Your Credentials

Bitdefender has identified this malware as Trojan.JS.Facebook.A and the executable file asTrojan.Agent.BFQZ. To appear legitimate, authentic Flash Player icon is used byTrojan.Agent.BFQZ and the infection elements are dropped in C:\Program Files\Internet Explorer along with the install.bat file. Furthermore, it also adds at startup just like any legitimate app download would do.

Emma Watson fans are continuously being attacked and another example of this would be the scam from a website called “emmayouarenext.com” created by a social media marketer group. Watson fans were tricked by this group which claimed to leak nude pictures of the beautiful British actress. However, their main purpose was to deactivate the 4Chan website but the group which was identified by journalists as “enterprise” Rantic couldn’t live up to the hype they created and their website went under maintenance.

Related Posts