Bulk messaging malware in Facebook Messenger

First, a preliminary report was published. At that time, Jacoby had not yet had enough time to research many details of how the malware operated, but now he has, and we are ready to share them. From a user’s perspective, here’s how the infection progressed.

  • The user received a message in Facebook Messenger from a friend. The message contained the word “Video,” the name of the sender, a random smiley, and a short link. 
  • The link redirected to Google Drive, where the user saw something resembling a video player with a picture of the original sender in the background and what looked like a Play button.
  • If the victim attempted to play back the “video” in Google Chrome, they were redirected to a page that looked much like a YouTube page and offered to install an extension for Chrome.
  • If the user agreed to the installation, the extension began to send out malicious links to their friends, and the same sequence repeated for each of them.
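
A defender-side triage heuristic for the message shape described in the first step, as an added example that is not part of the original report. The shortener host list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: a small sample of link-shortener hosts; the report names none.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Unicode smiley ranges plus a few ASCII emoticons such as ":)" or ";-D".
SMILEY_RE = re.compile(
    "[\U0001F600-\U0001F64F\U0001F900-\U0001F9FF\u2639\u263A]|[:;]-?[)(DP]"
)


def lure_indicators(text, sender_name):
    """Return which traits of the described lure appear in one message."""
    found = set()
    urls = URL_RE.findall(text)
    # Remove URLs first so path fragments are not read as words or emoticons.
    body = URL_RE.sub(" ", text)
    if re.search(r"\bvideo\b", body, re.IGNORECASE):
        found.add("video_keyword")
    parts = sender_name.split()
    if parts and re.search(r"\b%s\b" % re.escape(parts[0]), body, re.IGNORECASE):
        found.add("sender_name")
    if SMILEY_RE.search(body):
        found.add("smiley")
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            found.add("short_link")
    return found


def is_probable_lure(text, sender_name):
    """Flag only when all four traits from the description co-occur."""
    return len(lure_indicators(text, sender_name)) == 4


# Constructed sample messages: (sender display name, message text).
SAMPLES = [
    ("Alice Smith", "Alice Video \U0001F62E https://bit.ly/x1y2z3"),
    ("Bob Lee", "Here's the video from the offsite: https://drive.google.com/file/d/abc"),
    ("Carol Diaz", "lunch? :)"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, sorted(lure_indicators(text, sender)), is_probable_lure(text, sender))
```

Requiring all four traits together keeps ordinary messages that merely mention a video or contain a smiley out of the flagged set; a flagged message is a candidate for review, not a verdict.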

Read More on Technology.mb.com