Facebook Messenger, which is used by almost every one of the two billion users of Facebook, is facing a bulk-messaging malware threat, as pointed out by security experts at Kaspersky, that puts all of its users at risk.
This kind of malware spread isn’t a new phenomenon: most Facebook users will be aware of the spam messages and posts that have been doing the rounds on the social network for quite a few years now, and Facebook worked quite hard to put a stop to them.
But similar instances of bulk-messaging malware have surfaced on the social media platform yet again. According to the security researchers, the attackers had found a bug involving Facebook Query Language (FQL), a feature that was disabled a year ago but not completely. FQL was blocked for applications, but with a few exceptions.
“Facebook Pages Manager, an iOS application, still uses FQL. Thus, to gain access to the “locked out” feature, malware simply has to act on behalf of the application,” Kaspersky researchers stated.
The malicious script used to carry out the attack liked a specific Facebook page every time an attack succeeded. Going by the number of likes on that page, the researchers suggested that tens of thousands of accounts had already been hacked.
How is the Attack Carried Out?
A user first receives a message from a friend which contains the word ‘Video’ with the name of the sender, an emoji and a shortened link, which might resemble the message screenshot below.
If users click on the link, they are redirected to a Google Drive page with a video play button. Clicking on that button will lead to a YouTube-like page where the user is asked to install an extension for Chrome.
Victims using browsers other than Chrome were redirected to a website that offered them an Adobe Flash Player download that contains adware.
In either case, if the user clicks on the ‘install extension’ or ‘install Adobe’ option, the attacker gains access to the victim’s system, following which they can monitor all the websites visited by the victim.
Once the user navigates to Facebook and logs in, their credentials — login ID and password — are stolen and an access token is sent to the attacker’s server.
“By using the stolen credentials and accessing the obsolete Facebook feature, the crooks could request that the social network send them the contact list of the victim, cull those who were not currently online, and randomly select 50 new victims from the remainder. Then, those users were bulk-messaged with a new link to Google Drive. All in all, a vicious cycle,” the security researchers explained.
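As an added example (not from the Kaspersky research or the original article), the Python code below checks a message for the four lure traits described above: the word ‘Video’, the sender’s name, an emoji and a shortened link. The shortener host list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Assumption: a few public URL-shortener hosts; the article names none.
SHORTENER_HOSTS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Constructed sample messages: (sender display name, message text).
SAMPLES = [
    ("Alice Smith", "Alice Video \U0001F631 https://bit.ly/EXAMPLE"),
    ("Bob Jones", "Conference video is up: https://www.youtube.com/watch?v=EXAMPLE"),
    ("Carol Lee", "Lunch at 1? \U0001F642"),
]

def shortened_links(text):
    """Return the URLs in text whose host is a known shortener."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            hits.append(url)
    return hits

def lure_indicators(message, sender_name):
    """Return which of the four lure traits the message shows."""
    body = URL_RE.sub(" ", message)  # judge words and emoji outside the links
    parts = sender_name.split()
    found = set()
    if re.search(r"\bvideo\b", body, re.IGNORECASE):
        found.add("video_word")
    if parts and re.search(r"\b" + re.escape(parts[0]) + r"\b", body, re.IGNORECASE):
        found.add("sender_name")
    # Unicode category "So" (Symbol, other) covers most emoji.
    if any(unicodedata.category(ch) == "So" for ch in body):
        found.add("emoji")
    if shortened_links(message):
        found.add("short_link")
    return found

def is_probable_lure(message, sender_name):
    """Flag only when all four traits appear together, to limit false positives."""
    return len(lure_indicators(message, sender_name)) == 4

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, is_probable_lure(text, sender), sorted(lure_indicators(text, sender)))
```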
How to Stay Safe?
As Facebook is working on fixing the vulnerability in their Messenger app, it’s important that users are aware enough to keep an eye on the security of their own personal data.
These spammy messages carry malware-ridden links that can potentially lead to you losing the credentials of your account to the attacker, and because they come from a known Facebook contact, it’s quite difficult to ascertain whether a message is legitimate or spam.
So the best way to stay safe right now is to avoid clicking on links in Messenger unless your friend specifically points out that it’s safe to open, and even then we’d recommend you exercise your discretion.
The main point here is to make sure that the person sending you the link is really your friend and not someone who is in control of your friend’s Facebook account.