Facebook Messenger a target of Adware spreading - Dispatch Weekly

Social networking has changed the way we interact and communicate with our friends and family, playing a significant role in our daily lives. Our favourite social networking sites, Facebook, has reached 2 billion monthly users and has more than 1.2 billion users on its Messenger app. With so many users, Facebook is a big target for scams, which also exposes its user’s personal information beyond their group of friends. This turned reality for Facebook on the 24^th of August, when cyber criminals spread malware through its Messenger app, posing a potential threat to its users.

David Jacoby, a security researcher at Kaspersky, a cyber security and antivirus provider, identified the attack after being a target himself. The attack takes the form of a message being sent to users chat prompting them to check out a video. The message includes the recipient’s name and the word “video” in order to entice them to click through to a shortened bit.ly link in the message. After clicking on the link, it points to a Google Doc which “has already taken a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie” states Jacoby.

He adds “When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information”. This site will then attempt to encourage the users to install adware. Although the researcher is unclear how the adware is spreading through Messenger, he believes that it could be due to stolen credentials, hijacked browsers, or “clickjacking”. Frans Rosen, a knowledge advisor at the Swedish security company Detectify, suggested on Twitter that at least one vector of the campaign is using breached Chrome extensions to do so. Rosen posted a copy of the malicious JavaScript injected via an extension to Facebook.

The issue with these adware programs is that it “moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links”, says Jacoby.

Although no actual malware is being downloaded, such as Trojans, for each click on one of these adverts the attacker is generating revenue. Jacoby considers that the attack is part of a greater campaign. He wrote in a recent blog post to Securelist that code behind the campaign is “advanced and obfuscated” and uses “tons of domains to prevent tracking”.

Responding to the issue, a spokesperson for Facebook Messenger said that the service has a number of methods to prevent malicious links from popping up in chats. Facebook stated, “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebool.com/help”.

However, this isn’t the first time Facebook has experienced a similar matter. Last June Facebook fixed a vulnerability in its Messenger app that could have let an attacker access and modify users chats, after researchers at Check Point Software Technologies privately disclosed the issue.

Overall the simplest way to defeat such Messenger malware attacks is to avoid clicking on short, random links. Keeping your security solutions updates are important, as social networking will continue to grow, thus increasing security threats.