Following the malware spread through a supposed video sent by a contact on Facebook Messenger, a new scam using the same messenger has arrived in Brazil and other countries in Latin America. Kaspersky Lab researchers have discovered the new threat, which analyzes the user's browser, operating system and personal information. The malware uses advanced code and infects victims with adware through the Facebook messaging app.
The first cases of this malware were observed in early August, and the attacks targeted users in Russia and Latin America, especially in countries like Brazil, Ecuador, Peru and Mexico. The malicious code is distributed through a message that appears to come from one of the user's friends on the social network, tricking the user into clicking a link that leads to a Google Doc.
When the user opens the document, it takes a photo from the victim's Facebook profile and creates a landing page that appears to be a video. When the user tries to play the video, the malware redirects to a set of sites that analyze the browser, operating system, and other personal information of the user.
New threat, old scam
“This method is not new. Adware uses the domain chain technique, which redirects and traces users through malicious websites, depending on features such as language, geographic location, operating system, browser information, installed add-ons and cookies, among others,” says Fabio Assolini, senior security analyst at Kaspersky Lab.
He continues: “By doing so, it basically moves the browser through a set of web pages and, using tracking cookies, monitors activities, displays certain ads, and even performs actions so that users can click the links. We all know it’s not recommended to click on unknown links, but this technique basically forces you to do so.”
A different scam for each browser
Analysts also detected that the malware redirects the user to different web addresses according to the browser used. With Firefox, the user is taken to a fake Flash update that requests the download of an EXE file marked as adware.
With Chrome, for example, the user is redirected to a YouTube mirror site that displays a fake error message. The message prompts the user to download a browser extension from Google’s online store, in an attempt to install another file on the computer.
With Safari, the result is very similar to Firefox: a fake Flash Media Player update appears that, if clicked, installs a DMG executable file on the Mac.
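For defenders, the redirect pattern described above can be hunted in web proxy logs. The following is an added example, not code from Kaspersky Lab or the original article: it walks referrer chains back from each request and flags those that start at a Google Doc, cross several hosts, and end at the lure the article describes for that browser. The record fields, the `.example` hosts, the three-host threshold and the Chrome Web Store host `chrome.google.com/webstore` are assumptions.

```python
from urllib.parse import urlparse

# Browser family -> terminal lure the article describes for it (store host is assumed).
LURES = {
    "firefox": lambda u: u.path.lower().endswith(".exe"),
    "safari": lambda u: u.path.lower().endswith(".dmg"),
    "chrome": lambda u: u.hostname == "chrome.google.com" and u.path.startswith("/webstore"),
}

def browser_family(ua):
    # Chrome's User-Agent also contains "Safari", so Chrome is tested before Safari.
    ua = ua.lower()
    for name in ("firefox", "chrome", "safari"):
        if name in ua:
            return name
    return None

def find_chains(records, min_hosts=3):
    """Return (client, [hosts]) for referrer chains that start at a Google Doc
    and end at the lure matching the client's browser."""
    by_url = {(r["client"], r["url"]): r for r in records}
    hits = []
    for r in records:
        fam = browser_family(r["ua"])
        if fam is None or not LURES[fam](urlparse(r["url"])):
            continue
        chain, cur, seen = [], r, set()
        while cur and cur["url"] not in seen:  # walk back through referrers, guarding against loops
            seen.add(cur["url"])
            chain.append(urlparse(cur["url"]).hostname)
            cur = by_url.get((cur["client"], cur["referer"]))
        chain.reverse()
        if chain[0] == "docs.google.com" and len(set(chain)) >= min_hosts:
            hits.append((r["client"], chain))
    return hits

# Constructed sample proxy records (hosts under .example are placeholders).
FF = "Mozilla/5.0 (Windows NT 10.0; rv:55.0) Gecko/20100101 Firefox/55.0"
CH = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/60.0 Safari/537.36"
SAMPLE = [
    {"client": "10.0.0.5", "ua": FF, "url": "https://docs.google.com/document/d/x", "referer": ""},
    {"client": "10.0.0.5", "ua": FF, "url": "http://hop1.example/v", "referer": "https://docs.google.com/document/d/x"},
    {"client": "10.0.0.5", "ua": FF, "url": "http://hop2.example/flash_update.exe", "referer": "http://hop1.example/v"},
    {"client": "10.0.0.9", "ua": CH, "url": "http://cdn.example/setup.exe", "referer": ""},
]

if __name__ == "__main__":
    print(find_chains(SAMPLE))
```

The unrelated Chrome download of `setup.exe` is not flagged, because it neither matches the Chrome lure nor traces back to a Google Doc.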
How to protect yourself?
Current research does not suggest that any malware, such as trojans or exploits, is downloaded to devices. However, the cybercriminals behind this attack are likely to make money from unsolicited advertising and access to many Facebook accounts.
Kaspersky recommends being alert and not clicking suspicious links. In addition, it is always recommended to install reliable anti-virus software that can prevent the infection of your devices.