If you come across any message on Facebook Messenger with a video sent by anyone, even your best friend, do not try to see it.
Security researchers Kaspersky Lab identified a continuing multi-platform malware promotion campaign on Facebook Messenger. Facebook Messenger users get a video link that redirects them to a fake site asking them to install malicious software.
JavaScript Screenshot, which is an injector. its name is "injection.js" (ebc117c0cf03ad4b13184d1253862586)
The URL redirects victims to a Google doc that displays a dynamically generated video thumbnail, like a playable movie, based on pictures provided by the sender, which, if clicked, redirect them to another customized page depending on program browser and their operating system.
For example, its users Mozilla Firefox on Windows are redirected to a website that displays a fake Flash Player update notification and then offers a Windows executable file, which is an adware software.
Its users Google Chrome redirected to a YouTube-like site displaying a pop-up message that causes the victims to download a malicious Chrome extension from the Google Web Store.
The extension is actually a downloader that downloads a file of the attacker's choice to the computer of the victim.
Apple Mac OS X and Safari users end up with a webpage similar to that of using Firefox, but it has been adapted for MacOS users. It contains a fake update for Flash media Player, and with the user's click it downloads a .dmg file which is also Adware.
The same is true for Linux users.
Attackers behind the campaign do not pollute the users of all malware platforms, but with adware that gives them ad revenue.
Let's mention once again that curiosity killed the cat. We recommend that you think very well when you see pictures or video links sent by anyone, even your friends. Verify with them and keep your antivirus app up-to-date.
