There was a time when Linux and macOS users could feel relatively safe when it came to viruses, malware, and adware. But the times are changing. Hackers are getting wise and they know the world is becoming increasingly multi-platform. This is why they are now creating multi-platform viruses and malware. Hackers also realize people are using social media like never before and social media habits tend to be the same across platforms. Facebook is by far the most popular social media service and this is where the latest multi-platform virus can be found.
Security research firm Kaspersky Lab discovered the campaign, which uses Facebook Messenger to deliver a video link. The link redirects the user to a fake website that contains another link to the malicious software. Kaspersky believes the malware is spreading through compromised accounts, clickjacking, and hijacked browsers. They also believe a good bit of social engineering is being put into play to coax users to click the supplied links.
Once you have clicked on the link within Facebook Messenger, it redirects you to a Google doc video thumbnail. The thumbnail is generated from the user’s own images, which leads them to click yet again. According to The Hacker News, if you click the video thumbnail, you will be redirected based on which browser and operating system you’re using. This is where the multi-platform aspect comes into play. This means users of Windows, macOS, and Linux are all vulnerable to this.
For example, Mozilla Firefox users on Windows are redirected to a website displaying a fake Flash Player Update notice, and then offered a Windows executable, which is flagged as adware software.
Google Chrome users are redirected to a website that masquerades as YouTube with a similar YouTube logo, which displays a fake error message popup, tricking victims into downloading a malicious Chrome extension from the Google Web Store. The extension actually is a downloader that downloads a file of the attacker’s choice to the victim’s computer.
Users of Apple Mac OS X Safari end up on a web page similar to the one shown when using Firefox, but customised for macOS users with a fake update for Flash Media Player, which, if clicked, downloads an OSX executable .dmg file, which is also adware.
The same is the case for Linux: the user is redirected to another landing page designed for Linux users.
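The browser- and OS-dependent redirect described above leaves a recognizable pattern in web proxy logs: one link that sends different client types to different hosts. The following Python sketch is an added example, not code from Kaspersky Lab or The Hacker News. It flags that pattern in constructed sample records; the record layout, function names, and every .example host are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed User-Agent strings for the four client types the article mentions.
FF_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0"
CHROME_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36")
SAFARI_MAC = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 "
              "(KHTML, like Gecko) Version/10.1.2 Safari/603.3.8")
FF_LINUX = "Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0"

# Constructed proxy records: (requested URL, User-Agent, Location header of the 3xx reply).
SAMPLE_LOG = [
    ("http://video-link.example/v?id=1", FF_WIN, "http://flash-update.example/win"),
    ("http://video-link.example/v?id=1", CHROME_WIN, "http://not-youtube.example/watch"),
    ("http://video-link.example/v?id=1", SAFARI_MAC, "http://flash-update-mac.example/dmg"),
    ("http://video-link.example/v?id=1", FF_LINUX, "http://linux-landing.example/"),
    ("http://short.example/abc", FF_WIN, "https://news.example/story"),
    ("http://short.example/abc", SAFARI_MAC, "https://news.example/story"),
]

def client_family(user_agent):
    """Reduce a User-Agent string to a coarse (os, browser) label."""
    ua = user_agent.lower()
    os_name = next((name for token, name in
                    (("windows", "windows"), ("mac os x", "macos"), ("linux", "linux"))
                    if token in ua), "other")
    # Order matters: Chrome's User-Agent also contains "Safari/".
    browser = next((b for b in ("firefox", "chrome", "safari") if b + "/" in ua), "other")
    return os_name, browser

def find_ua_dependent_redirects(records):
    """Return {url: {family: [hosts]}} for URLs whose redirect host differs by client family."""
    hosts = defaultdict(lambda: defaultdict(set))
    for url, ua, location in records:
        host = urlsplit(location).hostname
        if host:  # skip relative or malformed Location values
            hosts[url][client_family(ua)].add(host)
    return {url: {fam: sorted(h) for fam, h in fams.items()}
            for url, fams in hosts.items()
            if len({frozenset(h) for h in fams.values()}) > 1}

if __name__ == "__main__":
    for url, fams in find_ua_dependent_redirects(SAMPLE_LOG).items():
        print(url)
        for fam, h in sorted(fams.items()):
            print("   ", fam, "->", ", ".join(h))
```

Legitimate sites also redirect by client type (mobile versus desktop pages, for instance), so a hit is a lead for triage rather than a verdict.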
According to The Hacker News, it seems the end goal for these hackers is to infect systems with adware that helps generate revenue from ads. It’s recommended that you don’t click on any video links sent to you via Facebook Messenger. If you do want to click, it’s best to verify with the sender that they actually did send that link.
Last Updated on August 26, 2017.