Have you ever encountered a message on Facebook Messenger containing a video link with no additional explanation? This might have been a fake redirect link that takes you to a malicious website, which can compromise the safety of your device.
More and more similar links are being generated as we speak, with the intention to hurt unsuspecting users by making them download and install malware. The malicious software can do a lot of damage, including sensitive information theft.
It is still unknown how this spam is spread, but it might be the fault of hijacked browsers or accounts that were taken over by hackers. There is a chance that even clickjacking might play a part in this.
Clickjacking is a technique of deceiving a person into clicking on a link by making that person believe that the link is something else. For example, you might have seen fake play, download, or other buttons that trick you into clicking them, making you perform unwanted actions in the process or infecting you with viruses.
The video a user receives in their Messenger appears to belong to the sender, and it arrives with the message “<the name of your friend> Video” and a bit.ly link. You might think that the video contains your friend, but it doesn’t.
How does the Messenger virus work?
Once a user clicks on the link in their Facebook Messenger, they immediately get redirected to a Google document with a video thumbnail, which is created to showcase the images of the person who supposedly sent it.
When the “video” is clicked, it redirects the user to another website with malicious content. However, the content varies depending on the OS and the browser.
Those who use Google Chrome will see a page that looks just like YouTube. It does not start playing the supposed video, however. Instead, it displays a pop-up window, claiming that the user does not have the extension needed to play the video and must download it right now.
If you actually press “Add extension”, a malicious piece of software will be installed on your computer, which will download an infected file on its own.
In the case of Mozilla Firefox, users get a page with a fake update notice for Flash Player instead of YouTube. Clicking “Download” triggers the download of an .exe file, which is actually adware.
Those who use Safari on Apple Mac OS X also land on a website with a fake update for their Flash Player. In this case, an OSX .dmg file is downloaded. The file turns out to be adware, as with Mozilla Firefox. Additionally, Linux users also get a modified version of the malicious page.
Fortunately, the links do not download any threatening malware that immediately causes malfunction or data leaking, nor do they download any malicious ransomware. Users simply get adware that constantly spits out ads, thus creating revenue for the hackers. However, you must remember that these kinds of ads are highly unsafe and can cause trouble on their own.
To protect yourself from similar threats, remember not to click on any links or videos that are sent without any explanation. It is always easier to avoid security problems than to fix them.
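The lure described above (the friend's name followed by "Video" and a bit.ly link, with nothing else in the message) is regular enough to check for mechanically. The following Python code is an added example, not part of the original article: the function names, flag names and sample messages are constructed for illustration, and the shortener list holds only the bit.ly host the article mentions.

```python
import re

# Assumption: the article names only bit.ly; extend this set for other shorteners.
SHORTENER_HOSTS = {"bit.ly"}

# A link is a host name with an optional scheme and path (bare "bit.ly/x" counts).
LINK_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.IGNORECASE)
WORD_RE = re.compile(r"[^\W\d_]+")  # runs of letters; emoji and digits are ignored


def lure_flags(sender_name, text):
    """Return the set of lure traits found in one incoming message."""
    flags = set()
    hosts = [m.group(1).lower() for m in LINK_RE.finditer(text)]
    if not hosts:
        return flags  # no link, nothing to click
    if any(h in SHORTENER_HOSTS for h in hosts):
        flags.add("short_link")  # the real destination is hidden

    # What the sender wrote apart from the links themselves.
    words = [w.lower() for w in WORD_RE.findall(LINK_RE.sub(" ", text))]
    name = {w.lower() for w in WORD_RE.findall(sender_name)}
    others = [w for w in words if w != "video"]

    if not words:
        flags.add("no_explanation")  # a bare link and nothing else
    elif "video" in words and others and all(w in name for w in others):
        flags.add("name_plus_video")  # only the sender's name and "Video"
    return flags


def is_messenger_video_lure(sender_name, text):
    """True for the pattern in the article: '<friend's name> Video' + short link."""
    return {"short_link", "name_plus_video"} <= lure_flags(sender_name, text)


# Constructed sample messages (not captured from a real campaign).
SAMPLES = [
    ("Anna Kowalska", "Anna Video 😮 https://bit.ly/EXAMPLE"),
    ("Anna Kowalska", "bit.ly/EXAMPLE"),
    ("Anna Kowalska", "Video from our trip on Saturday, skip to 2:10 https://example.com/v/1"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sorted(lure_flags(sender, text)), "|", text)
```

A match is a reason to ask the sender through another channel before opening the link, not proof of compromise.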