When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

New Facebook tagging scam is in the wild, containing malware that can infect every device

Neowin · · Hot! with 30 comments

Image via HotForSecurity

It seems that scams and hoaxes really are part of a typical Facebook day. After previous reports of a privacy notice post hoax spreading on the social networking website, another type of scamming act is currently making the website's rounds, where it has been reported that at least 5,000 computers have been infected with a backdoor trojan.

Bogdan Botezatu of HotforSecurity reports that cyber criminals have created a malicious tagging scam, that starts with an alleged "video," in which 20 friends are tagged in. Looking at the "video" in the Facebook post, it displays a goo.gl host, which is a URL shortening service, and not a video hosting website, which makes the post very suspicious.

Botezatu explains further:

Users who click the respective video are sent to an external page, where their user-agent (the browser and operating system identifiers) are analyzed so hackers know where to redirect the victim. After all, it wouldn’t make any sense to redirect an Android user to Windows malware, would it?

The webpage where users are redirected to reportedly does a thorough scan of the victim's system. The page is apparently device-agnostic, and can serve malware to various devices like Android phones, PC's, PlayStation consoles, TV sets, smart cars, and media players.

Even so-called "dumb phones" are part of the action, as the criminals behind the scam will then redirect the user to an SMS fraud service that will try to lure the user into subscribing to a useless premium service.

If the victim is running a Windows PC, the user is then redirected to another Facebook page where the person is prompted to download a "Flash player" to be able to view the video.

The downloaded file is reportedly not a Flash player installer, but instead an SFX file (self-extracting executable archive) will greet the user. Once clicked, it would install two pieces of malware contained inside the archive, under the file names "install.exe" and "setup.exe." It has been reported that "install.exe" is a generic backdoor that can be used to install other malicious software, while the latter is responsible for spreading the alleged scam on Facebook even further.

Botezatu advised Facebook users to install an anti-malware solution on their computers, and to be careful with the links they click. He also suggested users adjust their privacy settings to the extent where permission is required before content they are tagged in is displayed.

Source: HotForSecurity

Report a problem with article
Next Article

Lumia Denim now available for the Lumia 930 on EE and other networks in the UK

Previous Article

More apps unpublished from the Windows Phone Store

Join the conversation!

Login or Sign Up to read and post a comment.

30 Comments - Add comment