Cross-platform Malware for Windows/Mac/Linux is Spreading via Facebook Messenger


Facebook messenger

Yes, something else for you to keep your eyes open for.

Watch out if you get a Facebook message that includes:

  • The recipient’s name
  • The word ‘video’
  • A shocked emoji followed by a shortened URL

Because the message comes from one of your friends, you could be fooled into clicking the link. If you do, the malicious link opens a Google document containing a blurry picture taken from your Facebook page that looks like a playable movie.

If you try to play the video, the malware will send you to one of a number of different websites, depending on your Web browser, operating system, location, and other factors. This site will then prompt you to install malicious software.

For example, you use Google Chrome; you’d be redirected to a fake YouTube channel, complete with the official logo and branding. You would then see a fake error message designed to trick you into downloading a malicious Chrome extension. Firefox users, however, are sent to a website displaying a

If you use Firefox, you will be sent to a website displaying a fake Flash update notice, which, once run, attempts to run a Windows executable to install adware. Finally, Safari users are taken to a similar site, customised for macOS, encouraging them to

If you use Safari, you will be taken to a similar site, customised for macOS, encouraging you to download a malicious .dmg file.

This type of malware is designed to track your browsing activity using cookies and display targeted adverts. But it can also use social engineering to trick you into clicking on them.

This malicious code is highly sophisticated and complex, and researchers suggest that the malicious links are being sent from real Messenger accounts compromised as a result of stolen passwords, hijacked browsers or clickjacking techniques.

What do they get out of it? Well, each click on the ads generates revenue for the malware authors.

How to protect yourself 

The simple answer is to use caution with any link received from a Facebook friend. For greater security, experts recommend having a trusted,

Of course, making sure you’re protected by trusted and up-to-date antivirus is a must.

As with all internet threats, stay vigilant; stay safe.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.


Source: Panda Security