On Chrome, targets are taken to a fake version of YouTube (Getty)
Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
Cyber criminals are spreading malware through Facebook, by posing as friends of their victims.
They’re sending dodgy links to users through Messenger, which lead to fake, but legitimate-looking, versions of popular websites, such as YouTube.
Pop-up messages on these sites then encourage the targets to download malicious software.
11 useful Facebook Messenger features you didn't know existed
Show all 11
The malware campaign was spotted by Kaspersky security researcher David Jacoby, who was himself targeted.
He said he received a Facebook message from a person he “very rarely” speaks to, comprising the words “David Video”, a shocked emoji and a bit.ly link.
“After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks,” he said.
“The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. It may be from stolen credentials, hijacked browsers or clickjacking.”
According to Mr Jacoby, the link leads to a Google Doc that displays what looks like a playable video, using a blurred-out picture taken from the victim’s Facebook page.
Clicking this takes you to one of a number of websites, which can change depending on your browser, location and operating system.
For instance, on Chrome Mr Jacoby was taken to a fake version of YouTube, which tried to trick him into downloading a malicious Chrome extension.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies