Recent reports and warnings from companies such as Avira and Kapersky have pointed to a new wave of spam hitting Facebook Messenger. Over the past few weeks, messages from compromised Facebook accounts contain a short-link to a site redirection. From there , adware and malware files/extensions are promoted to the user for installation. If installed, the adware collects Facebook account credentials, thus spreading the spam messages to a new set of users.
Bleeping Computer has indicated that the spam messages follow the format below:
User’s first name
The word “video”
A bit.ly or t.cn short-link to the redirection pages.
It’s been reported that Firefox users on Windows and Mac are being redirected to a page offering a fake Flash Player installer. Kaspersky says this file installs adware on users’ PCs.
On Chrome, the spam campaign redirects users to a fake YouTube page pushing a malicious extension. It is believed that crooks use this Chrome extension to push adware and collect credentials for new Facebook accounts, which they later use to push the spam messages to new users also via the same malicious Chrome extension.
Users that encounter this spam campaign should avoid clicking on the malicious links, but also reach out to the person who sent the message and advise him to change his account credentials. Reporting the spam messages to Facebook is also recommended.