#Mac os virus facebook update
It was a fake update for Flash Media Player, and when I clicked the link an OSX executable. When using the OSX Safari browser I ended up on a similar website to the one I was directed to when using Firefox, but it was customized for OSX users. It is unclear if this is related to the campaign, but it is still an amusing piece of information. One interesting finding is that the Chrome Extension has log files from the developers displaying usernames. At the time of writing, the file which should have been downloaded was not available. The Chrome Extension is a Downloader, which means that it downloads a file to your computer.
#Mac os virus facebook download
The website then displays a fake error message tricking the user to download a malicious Google Chrome extension from the Google Web Store. When using the Google Chrome browser I was redirected to a website which mimics the layout of YouTube, even including the YouTube logo.
#Mac os virus facebook windows
For example, when using FIREFOX I was redirected to a website displaying a fake Flash Update notice, and then offered a Windows executable. What I noticed during my research was that when changing the User-Agent header (browser information) the malware redirects you to different landing pages.
We all know that clicking on unknown links is not something that’s recommended, but through this technique they can basically force you to do so. It might be your language, geo location, browser information, operating system, installed plugins and cookies.īy doing this, it basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links. I would like to describe it as a domain chain, basically just A LOT of websites on different domains redirecting the user depending on some characteristics. This technique is not new and has a lot of names. Depending on their operating system they are directed to other websites. When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information. The document has already taken a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie. The message reads “David Video” and then a bit.ly link. The message uses traditional social engineering to trick the user into clicking the link. At the moment we are not sure because this research is still ongoing. It may be from stolen credentials, hijacked browsers or clickjacking. The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. Here is a screenshot of the JavaScript, an potential injector. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on.Īfter just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. Void where taxed, restricted or prohibited, and to employees of Webroot and participating online affiliates.One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. Webroot reserves the right to modify, cancel or terminate this offer at any time without notice. May not be combined with any other offer, coupon or discount. Not valid on previously purchased or out-of-stock merchandise.
Offer applies only to subscriptions purchased from or by phone at 1-86, and is available only while supplies last. During the Offer Period, you will receive 25% off the MSRP purchase price (excluding applicable taxes) when you purchase a 1 year / 1 device, or a 1 year / 3 device subscription to Webroot SecureAnywhere® AntiVirus, 25% off the MSRP purchase price (excluding applicable taxes) when you purchase a 1 year / 3 device, or a 1 year / 5 device subscription to Webroot SecureAnywhere Internet Security Plus, or 25% off the MSRP purchase price (excluding applicable taxes) when you purchase a 1 year / 5 device subscription to Webroot SecureAnywhere Complete. Offered in United States between 10:00 AM MT on August 22, 2017 and 12:00 PM MT on Novem("Offer Period").
0 kommentar(er)
