Select Page

Cyren Security Blog

Malware spread via Facebook Chat

Facebook chat messages containing malicious links are being sent from compromised Facebook accounts. The messages are typically sent to all of the compromised user’s friends.

The distribution of the malware includes the following steps

  • Legitimate website is hacked
  • A new folder is created on the hacked site including malware (an executable file)
  • Phony Facebook application pages are created which automatically link to the hacked site
  • Compromised Facebook accounts are used to spread chat messages linking to the phony Facebook applications and subsequently to the download of the EXE file.

The Facebook chat messages include text such as “hahahah foto” and the phony Facebook application pages are also photo-related such as “cytepic” and “artephotos”.

Facebook have been quick to remove the phony Facebook application sites. In addition the compromised site removed the malware posted on their site. The hacker’s page on the compromised site is still in place though.

You might also like

Square Enix Phishing Campaign

From July 20 until August 16, 2021, Cyren observed a significant increase in the number of Square Enix phishing URLs. The campaign coincided with 14 days of free play announced by Square Enix on July 12, 2021. During this period, we detected a total of 47,076 URLs for...