Cyber criminals are spreading malware through Facebook, by posing as friends of their victims.
They’re sending dodgy links to users through Messenger, which lead to fake, but legitimate-looking, versions of popular websites, such as YouTube.
Pop-up messages on these sites then encourage the targets to download malicious software.
The malware campaign was spotted by Kaspersky security researcher David Jacoby, who was himself targeted.
He said he received a Facebook message from a person he “very rarely” speaks to, comprising the words “David Video”, a shocked emoji and a bit.ly link.
“After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks,” he said.
“The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. It may be from stolen credentials, hijacked browsers or clickjacking.”
According to Mr Jacoby, the link leads to a Google Doc that displays what looks like a playable video, using a blurred-out picture taken from the victim’s Facebook page.
Clicking this takes you to one of a number of websites, which can change depending on your browser, location and operating system.
For instance, on Chrome Mr Jacoby was taken to a fake version of YouTube, which tried to trick him into downloading a malicious Chrome extension.
On Firefox and Safari, meanwhile, he was taken to a site displaying a fake Flash Update notice.
“The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” added Mr Jacoby.
“Please make sure that you don’t click on these links, and please update your antivirus!”