An advanced and potentially malicious Javascript code injector is spreading via Facebook Messenger and it is still unknown as to how it is spreading around. Even though the method is pretty old school it still has the properties of a destructive piece of malware.

Those of us old enough to have used MSN Messenger or Yahoo! Messenger may remember such techniques being used against them. Now in 2017 we see that cyber criminals are still favouring this type of attack. This time spreading via the ever popular Facebook Messenger, someone on your friends list (most likely someone who has been compromised) will message you a link which once clicked will take you to a public Google Document.

That document contains a video file which you have to click on in order to play. Once clicked you will be taken to a fake YouTube site – looking and feeling like the real thing. At that time a number of things will prompt you for download. One is a fake flash update download which ‘you will need in order to play the video’. You may then be prompted to download a malicious Google Chrome extension from the Google Web Store.

RELATED ARTICLE: 8 Google Chrome Extensions Hacked Last Week

Once either or both have been downloaded it is believed that your Facebook account will be compromised and the same chat message you received from a ‘friend’ will be circulated among your friends. No doubt it’s safe to say that other personal data will most likely have been compromised so if you are on a work network environment it would be best for your managed IT services provider to isolate the machine or system.

It is believed that the method of attack works with Windows, Mac OS and Linux. The attackers behind the campaign are not actually infecting users with any banking Trojan or exploit kits, but with adware to make a lot of money by generating revenue from ads. Spam campaigns are popular on Facebook with cyber criminals using compromised .JPG image files to hide their malware, a technique seen in the recent Locky ransomware.

RELATED ARTICLE: 8 Google Chrome Extensions Hacked Last Week

To keep yourself safe from this latest method of attack we recommend keeping a close eye on the links you click from your Facebook messenger chats. Also keep a close eye on your Facebook activity and log out from all unknown sessions. A change of password would also be ideal. Outside of Facebook you should ensure your antivirus is updated to the latest version and keep Google Chrome extensions/plugins downloads to the bare minimum for now.

If you think you have been compromised, especially from within a work network environment, contact your managed IT services provider immediately.

About IntelliTeK Pty Ltd

IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditation’s from the worlds leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007. 

IntelliTeK are always up to date with the latest cloud backup solutions which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at info@intellitek.com.au, fill out the web form, or have a Live Chat with us below.