Facebook Messenger virus is back again: do not get tricked by fake video links

Security specialists count numerous versions of the Facebook virus.[1] However, recently a new variant has been noticed spreading on Messenger. Well, Facebook Messenger virus is not new. It has changed shapes and colors countless times. This time, crooks send a message on behalf of your contact that has a video link followed by the short sentence like “its you? [name] :|.”

Facebook Messenger virus is back!

Receiving a video if yourself might be shocking and raise your curiosity. However, once you click on a shady shortened link, you will be redirected to a suspicious site that looks similar to YouTube.[2] However, the site greets a victim with a pop-up asking to install specific plugin or update in order to watch a video.

As soon as a victim does what he or she is asked, Facebook virus gets into the system or hacks user’s account. As a result, a new victim starts spreading the same malicious link to whole contact list without even knowing it.

Thus, instead of finding out who has taken a video of you, you get infected with malware. Facebook Messenger virus attack might lead to the installation of malicious programs and spyware. Thus, your files and personal information are at risk.

Facebook Messenger virus uses social engineering strategies

Examples of Facebook Messenger virus.

The virus is around at least since 2013. During the years, we have seen different lines and video links sent by cyber criminals, such as:

  • “[name of the recipient] Video :o”
  • “You are in this video?”
  • “This is your video?”
  • “its you? (target’s name) :|”

However, all the versions acted the same. The obfuscated link redirects to a malicious website that either asks to install a plugin or update Adobe Flash Player to watch the video.

Watch out for fake Flash Player updates!

Cyber criminals often take advantage of Adobe Flash Player.[3] Unfortunately, this program has lots of vulnerabilities and flaws that allow attackers to do their dirty job. Additionally, everyone knows this software and usually has it installed on the system. Hence, update pop-up seems legit.

However, software updates do not arrive in the form of pop-ups. What is more, major web browsers have this software installed. Hence, all needed updates are installed together with browser’s updates. No other actions needed.

Users who are tricked by a fake Flash update might install various cyber threats. However, last year a massive campaign was used to spread Bad Rabbit ransomware.[4] Thus, hundreds of thousands of victims lost their files because of one click.

That picture sent from your old friend might be malicious too

Facebook virus on Messenger does not always spread as a fake video link. Researchers also detected some versions that send an obfuscated image. One of the largest and hazardous cases were spotted in November 2016.

Back then developers of Locky ransomware[5] managed to bypass Facebook’s security and spread .svg file that contained a malicious JavaScript code.

Nevertheless, crooks used an image instead of a video link; the further scheme was the same. Users were redirected to a particular site that asked to install a codec to see a video. Yes, it’s not logical. However, thousands of people fell for this trickery and got their files encrypted by Locky virus.

Facebook virus does not have borders

It may seem that Facebook virus is the problem for English-speaking users. However, malware does not have borders or language barriers. It spreads via victim’s contact list. Thus, if you have friends from Spain, China or Russia, they might get a malicious message from you if your account was hacked.

However targeted attacks were spotted too. For instance, in 2016 French Facebook users were attacked by the Trojan called Eko. It worked as spyware that can collect personally identifiable information and spy on the users.

Steps to take if someone tells that you are sending shady video links

It’s important to remove Facebook Messenger virus and recover your account ASAP.

It takes only spontaneous or unintentional click to get infected. Soon, you might receive calls or messages from friends telling that your account was hacked. However, instead of panicking, you should follow these steps:

Write a post informing your friends not to click any links sent on behalf of you (it’s just a nice gesture).

  1. Check the system for malware. Install a reputable antivirus, scan the system and make sure that your smartphone is not infected. Additionally, you should check all the devices you used to access Facebook. There are sneaky versions of malware that can infect machines soon as you log in to your account.
  2. Change Facebook password. Some versions of Facebook virus are designed to steal credentials. Hence, criminals can continue using your account for their own needs. You must stop them by changing your password. But please, create a strong one!
  3. Change other social network’s or email account passwords. In some cases, Facebook Messenger virus operates as a spyware. Thus, criminals may have collected your logins. We are sure that you do not want criminals having access to your bank account!

Help! I cannot login to my Facebook account

If criminals hacked your account and logged you out, you have to contact Facebook support directly. Once you inform about the hacked Facebook account, their support will help you to get it back and recover after the attack.