Spam and phishing

‘Adult’ video for Facebook users

In April of this year, we registered some mass attacks on Facebook users in Russia. As a result, many Russian-speaking users of the social network fell victim to fraudsters. Half a year later the fraudsters have used the same tactics to attack Facebook users in Europe.

fb1-en

The attackers use a compromised Facebook account to post a link to an adult video that is supposedly on the popular YouTube service. In order to attract potential victims, “likes” are added from the account holder’s list of friends. The fraudsters rely on the user or their friends being curious and those who would like to watch an “18+” video.

fb2-en

Clicking on the link opens a page made to look like YouTube.

fb-3

However, a quick look at the address bar is enough to see that the page has nothing to do with YouTube. During the latest attack the fraudsters distributed a “video” located on the xic.graphics domain. The domain is not currently available, but we discovered more than 140 domains with the same registration data that can be used for similar purposes.
After trying to start the video, a pop-up banner appears prompting the user to install a browser extension. In this particular example, it was called ‘Profesjonalny Asystent’ (Professional assistant), but we also came across other names.

fb-4

The “View details” message explains that if the extension is not installed, the video cannot be viewed.

fb-5

The attackers are banking on an intrigued victim not being interested in the details and just installing the extension. As a result, the extension gains rights to read all the data in the browser, which the fraudsters can later use to get all the passwords, logins, credit card details and other confidential user information that is entered. The extension can also continue spreading links to itself on Facebook, but now in your name and among your friends.

We strongly recommend not clicking such links and not installing suspicious browser extensions. It’s also worth checking if any suspicious extensions have already been installed. If any are discovered, they should be immediately removed via the browser settings, and the passwords for sites that are visited most often, especially online banking, should be changed.

‘Adult’ video for Facebook users

Your email address will not be published. Required fields are marked *

 

  1. Omer LeBlanc

    A few months ago my Facebook page when opened with Chrome started freezing up.Facebook works Ok if I use Internet Explorer. I just now stopped Kaspersky protection and Facebook work with protection stopped. I started protection up again and Facebook freezes up using Chrome. Any advise to solve this issue ?

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

Subscribe to our weekly e-mails

The hottest research right in your inbox