28 Apr 2016

New malware targets Facebook users

IT security company ESET warned Facebook users on Wednesday (April 27, 2016) of another malware-spreading scam.
ESET, a global pioneer of proactive cybersecurity solutions, warned of another scam campaign on Facebook that spreads a malicious browser plugin via social engineering techniques.

The attack starts by luring Facebook users into playing a video, often titled “My first video”, “My video”, or “Private video”.
After clicking on the video link, users will be directed to a fake YouTube website where they will be requested to install an additional extension before the video can be played.
The extension is a malicious version of the otherwise legitimate “Make a GIF” plug-in.
ESET detects the threat as JS/Kilim.SO and JS/Kilim.RG and users of ESET security products are protected from it.
If the user installs the malicious plug-in, the browser becomes infected and carries the infiltration further to the user's Facebook timeline, which becomes flooded with fake video posts tagging multiple friends from the user's friends list. Subsequently, all of the user's online friends will receive an identical message via Messenger with the same harmful video link.
By the start of April 2016, ESET systems had detected this threat more than 10,000 times in dozens of countries around the world. Currently, more than 2,600 people within Asia Pacific have been affected. The highest incidence of this scam was found in the Philippines where 1,803 people have fallen victim to the scam.
“The malicious campaign is spreading spam messages and infecting Facebook accounts with a very high rate of success. At this point, the infiltration only targets Chrome users, but there is no guarantee that it will not spread to other browsers in the future. This scam also has potential to become more dangerous in the future, spreading other, more powerful malware with new capabilities,” said Lukas Stefanko, ESET Malware Researcher.
ESET’s recommendations for victims of this scam include:
1. Immediately remove the malicious “Make a GIF” extension from your Chrome browser.
Either type “chrome://extensions/” into the address bar or go to Customize and control Google Chrome -> More tools -> Extensions -> Make a GIF -> Remove from Chrome. If you also use the legitimate “Make a GIF” extension, use the pictures below to distinguish the original version from the infected one.
Figure 1 Infected and not infected extension
If you click on Details -> View in store, you will see details about the extension.
Figure 2 Clean variant of Make a GIF
Figure 3 Infected Make a GIF
2. Scan your computer with reliable antivirus software. If you don’t have any security software installed on your personal computer, you can use our free solution ESET Online Scanner.
Additional details about the scam, as well as ESET’s recommendations to avoid falling victim to it, can be found in an article on ESET’s official blog at WeLiveSecurity.com.
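For administrators who need to run the check from step 1 across many machines, the following added example (not ESET's code) lists every installed extension in a Chrome profile whose display name contains “Make a GIF”, with its ID, version and declared permissions. The function names and the sample profile are assumptions constructed for illustration; because the clean and infected variants share a name, each hit still has to be compared against the store listing as described above.

```python
import json
import re
import tempfile
from pathlib import Path

def display_name(version_dir, manifest):
    """Resolve Chrome's __MSG_key__ placeholder via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    placeholder = re.fullmatch(r"__MSG_(\w+)__", name)
    if not placeholder:
        return name
    locale = manifest.get("default_locale", "en")
    try:
        text = (version_dir / "_locales" / locale / "messages.json").read_text(encoding="utf-8-sig")
        messages = json.loads(text)
    except (OSError, ValueError):
        return name  # leave the placeholder visible rather than guess
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == placeholder.group(1).lower():
            return entry.get("message", name)
    return name

def find_extensions(extensions_dir, wanted="make a gif"):
    """Return id, version, name and permissions of installed extensions whose name contains `wanted`."""
    hits = []
    # On-disk layout: <Extensions dir>/<extension id>/<version>/manifest.json
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it
        name = display_name(path.parent, manifest)
        if wanted in name.lower():
            hits.append({"id": path.parts[-3], "version": path.parts[-2],
                         "name": name, "permissions": manifest.get("permissions", [])})
    return hits

def build_sample(root):
    """Constructed layout (made-up IDs and contents, not the real extension)."""
    ext = Path(root) / ("a" * 32) / "1.0_0"
    (ext / "_locales" / "en").mkdir(parents=True)
    (ext / "manifest.json").write_text(json.dumps(
        {"name": "__MSG_appName__", "default_locale": "en", "version": "1.0", "permissions": ["tabs"]}))
    (ext / "_locales" / "en" / "messages.json").write_text(json.dumps({"appName": {"message": "Make a GIF"}}))
    other = Path(root) / ("b" * 32) / "2.1_0"
    other.mkdir(parents=True)
    (other / "manifest.json").write_text(json.dumps({"name": "Notes", "version": "2.1"}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_extensions(build_sample(tmp)):
            print(hit)
```

To audit a real machine, pass the profile's Extensions directory to `find_extensions`, for example `~/.config/google-chrome/Default/Extensions` for the default profile on Linux.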