Just Say NO to Facebook Messenger Malware

by

I know this seems to have little to do with Second Life as it states in the title, but if you want to run efficiently in SL you must keep up to date on ALL the causes to your computers demise. Yes you can get this same scam sent to you in world and YES you can pass it along to your friends, and because most of us run a second life Facebook page this will pertain to you on every level.

 

“Fly fishermen are always tying new flies, refining the tricks they play on trout and other piscean species. Likewise,Phisher-men in the digital waters constantly try new ways to get you to bite on their hook, which is baited with malware. Recently, researchers at Kaspersky Lab reported a fancy new “fly” involving Facebook’s Messenger, the bigger, better messaging app that Facebook is pushing to replace that awful, tiny, temperamental chat box. Read on to see how Messenger has been used to deceive users into clicking links that lead to loss”…

How Does the Messenger Scam Work?

Before we begin, let me underscore that Facebook Messenger is not malware (at least not in the commonly-accepted definition of the word). It’s a tool that clever hackers have found a way to exploit for evil. The same thing can be said of your favorite messaging app, email program, web browser, or word processor. But today, we’re focusing on a nasty trick played on Messenger users. Here’s what you need to know:

Lulled by your friend’s face, you obligingly click on the link right underneath the message, which is short and to the point: “ Video.” What happens next depends on what browser you are using. Click on that “video” link while using Chrome and you will be whisked away to Google Drive. There you will see something like a YouTube video page complete with a control panel, a “Play” button, and in the background the comforting photo of your pal. What could go wrong?

First, no YouTube page will ever ask your permission to install a browser extension, as this fake does. If you fall for that trick by agreeing to the “extension’s” installation you are, in fact as well as effect, telling Windows’ security to “go ahead and run this unknown program from an unknown source.” What happens next?

The unleashed malware instantly sends Messenger messages to all of your friends; they are exactly the same as the phish that you received only with your profile photo instead of your friend’s. The vicious cycle of infection and re-infection continues. Users of other browsers are told they need to update Adobe Flash Player instead of a browser extension. That malware turns out to be adware designed to generate profits for the hackers. But that’s not all the damage this one little “video” link does!

 

A Bit of Background Geekery

For Chrome users, the fake extension begins to monitor all of the sites they visit. When a victim visits Facebook and logs in, the extension steals those credentials and Facebook’s “access token” that gives apps temporary access to Facebook’s API (Application Programming Interface). These precious bits of data are sent back to the hackers. Let’s see how they are used.

The stolen user credentials get the malware logged into Facebook, perhaps as you! The malware then uses the access token to send JavaScript commands to Facebook’s back-end via the API. But the malware is also impersonating one of several mainstream Facebook apps that still use the obsolete Facebook Query Language (FQL) to search for, compile into SQL databases, and download all sorts of data about Facebook users.

Have you ever seen a warning that an app wants permission to “access your contacts?” That’s what this malware is after with its FQL queries. It then quickly chooses 50 of your contacts at random from among those presently online, and sends that one-word bait, “video,” plus the link that starts the unholy chain of events all over again.

Eternal Vigilance, Blah, Blah, Blah

Several teams of security researchers from all over the world joined together to stop this threat. But another like it will arise – many others, now that the modus operandi has been published. The next one may use bait more sophisticated than the word “video…” which, unless you have very taciturn friends, is a telltale sign that something is amiss.

The moral: Be careful on Messenger, in your email inbox, and any other place where you are tempted to click a link before engaging your brain. No anti-virus software can protect from all known threats, especially the rapidly-evolving types of malware more common today. As I’ve said before, a simple phone call (or text message) to the alleged sender of a questionable link can confirm if it’s bogus or benign.

I’d like to thank our friend Mr. Bob Rankin for this post, and be sure to check out his informative advice on his page https://askbobrankin.com/

I wish you all a great week ahead.

ZI Staff