Trend Micro researchers have identified a new scheme in which scammers have used Facebook again to distribute malware.
This malware has been masked as a video from Google Chrome video installer file.
Christopher Talampas, prominent fraud analyst, identified and reported this scam after receiving message from his friend on Facebook, which contained a shortened URL link. When he clicked on that link, he was redirected to a fake Facebook page that downloaded Chrome_Video_installer.scr automatically.
Hackers Target Users with “Facebook Account Recovery” Phishing Message
This file was created for deceiving the user so that he thinks that it was necessary in order to play that video. However, in reality this was a malware detected as TROJ_KILIM.EFLD. It is important to note that the KILIM malware are generally infected Chrome extensions and plugins. The variants of KILIM have been known to spam Facebook messages system and cause infection.
Facebook users hit with See ‘What Happens to this Pregnant Lady’ video scam
It further requires the user to download another file. Researchers suspect that it could be the final payload. Now that the fake site has been taken down, Talamplas learned that 36% of those who visited this fake page were based in the Philippines, India, Brazil and Indonesia while just 5% were from the United States.
Apparently, Google Chrome and Facebook are two most loved platforms of hackers and scammers for performing malicious social engineering schemes. The social network and search engine giant both are aware of this and also have taken steps to prevent such scams but still they couldn’t deter cybercriminals’ efforts.
TrendMicro
