Facebook ‘Comment Tagging Malware’ Spreading via Google Chrome
If you receive a Facebook notification regarding a friend tagging you in a comment be very careful before clicking on the link it can be a javascript malware found targeting users lately!

Facebook is undoubtedly the most used social media around the world and that’s what makes it an attractive target for cyber criminals as every now and then users complain about their account being compromised due to phishing or malware scam.

Currently, a malware scam is infecting Facebook users in which they receive a notification in the messenger app and/or in their email about a friend tagging in a comment, upon clicking the link, a malware is downloaded on their device. Though just downloading it won’t infect your device but users who are not aware of how scammers target people may click the downloaded file and infect their devices.

This malware is mostly targeting Chrome users. It is yet unclear if Firefox or other browsers are affected by the scam or not. One possibility is that users receiving such notifications have had one of their friends hacked and crooks are using their browser to target other contacts.

Here is an exclusive screenshot shared by one of our friends showing a JavaScript encoded script file which was downloaded once on their device:

beware-widspreading-facebook-comment-tagging-virus-2
If downloaded delete this file asap and avoid executing it

The malware scam is currently under discussion on the Stack Exchange where the victim has been stating their experience after being tricked into downloading the infected files. According to one of the analysts on the discussion the researcher said that:

“This is a typical obfuscated JavaScript malware which targets the Windows Script Host to download the rest of the payload. In this case, it downloads what appears to be mainly a Chrome Extension (manifest.json and bg.js), the autoit Windows executable, and some autoit scripts which likely include some form of ransomware. All of these files are named with .jpg extensions on the (likely-compromised) server they are hosted, to be less conspicuous.”

This is not the first time when cyber criminals have used Chrome browser to infect and compromise users. In the past there were several cases in which Chrome was negatively used such as 1: fake Google Chrome update leading to Android malware stealing personal data (click here for more details), 2: Hackers transforming malware into Chrome lookalike browser and infecting users (click here for more details), 3: Facebook being hit with a malware disguising as Google Chrome video installer (click here for more details), 4: Fake Google Chrome update leading to dangerous CTB Locker/Critroni ransomware (click here for more details).

If you witness any phishing or malware scam on Facebook click here to report it and stop cybercriminals from stealing your data.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.