Some time ago, an antivirus expert from our Global Research and Analysis Team, David Jacoby, discovered multiplatform malware that was distributed through Facebook Messenger. A few years ago, similar outbreaks were occurring quite often, but none have appeared lately; Facebook was doing a lot to prevent similar attacks.
First a preliminary report was published. At that time, Jacoby still had not had enough time to research many details about how the malware operated, but now he has, and we are ready to share them. The page that users were redirected to after following the link in Facebook Messenger was basically a PDF file that had been published to Google Drive. It opened as a preview. The link caused several redirections, landing the user on one of several websites. Victims using browsers other than Google Chrome ended up on a website offering to download adware masked as an update for Adobe Flash Player.
In the case of Chrome, that was just the beginning: If the victim agreed to install the extension offered on the landing page, it began monitoring what websites the user opened.
The crooks had found an interesting bug in Facebook. As it turned out, the insecure Facebook Query Language (FQL), which was disabled a year ago, was not completely wiped out; it was blocked for applications, but with a few exceptions. By using the stolen credentials and accessing the obsolete Facebook feature, the crooks could request that the social network send them the contact list of the victim, cull those who were not currently online, and randomly select 50 new victims from the remainder.
Then, those users were bulk-messaged with a new link to Google Drive with a PDF file preview generated with the picture of the person on whose behalf the new messaging wave commenced. All in all, a vicious cycle.
In the course of the attack, Jacoby and Rosen observed, the malefactors changed several of the specific pages, possibly as Facebook closed the previous ones. Nonetheless, this story is a great reminder that extensions for browsers are not as harmless as they may seem. Also, clicking every link, even links that seem to be from someone you know, is out of the question.
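The point that a browser extension can watch which websites a user opens can be checked on a workstation by reviewing what each installed extension is allowed to see. The following is an added example, not code from the original article or its authors; the article does not say which permissions the malicious extension requested, so the Chrome manifest permission names and match patterns flagged here are assumptions about what grants that visibility, and the sample manifests are constructed.

```python
import json
from pathlib import Path

# Extension API permissions that expose which pages the user opens (assumed set).
BROWSING_APIS = {"tabs", "history", "webNavigation", "webRequest"}
# Match patterns that cover every site.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(text):
    """Return sorted findings for the text of one manifest.json."""
    m = json.loads(text)
    found = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    groups = {
        "declared": m.get("permissions", []) + m.get("host_permissions", []),
        "optional": m.get("optional_permissions", []) + m.get("optional_host_permissions", []),
    }
    for label, perms in groups.items():
        for p in (x for x in perms if isinstance(x, str)):  # skip non-string entries
            if p in BROWSING_APIS:
                found.add(f"{label} api: {p}")
            elif p in ALL_SITES:
                found.add(f"{label} hosts: {p}")
    # Content scripts injected into every page can read whatever the user visits.
    for cs in m.get("content_scripts", []):
        for pattern in cs.get("matches", []):
            if pattern in ALL_SITES:
                found.add(f"content script on: {pattern}")
    return sorted(found)

def audit_extensions_dir(root):
    """Audit <root>/<extension id>/<version>/manifest.json; return {path: findings}."""
    report = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        findings = audit_manifest(path.read_text(encoding="utf-8"))
        if findings:
            report[str(path)] = findings
    return report

# Constructed sample manifests, not taken from the extension described in the article.
SAMPLE_BROAD = json.dumps({"name": "Video helper (constructed)", "manifest_version": 2,
    "permissions": ["tabs", "storage", "<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]})
SAMPLE_NARROW = json.dumps({"name": "Site notes (constructed)", "manifest_version": 3,
    "permissions": ["storage"], "host_permissions": ["https://example.com/*"]})

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_BROAD), audit_manifest(SAMPLE_NARROW))
```

On a real machine, pass the browser profile's Extensions directory to `audit_extensions_dir`; a finding means the extension can see browsing activity, not that it is malicious.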
Bulk messaging malware in Facebook Messenger. September 4, Threats. Alex Drozhzhin.
The user received a message in Facebook Messenger from a friend. The link redirected to Google Drive, where the user saw something resembling a video player with a picture of the original sender in the background and what looked like a Play button.
If the user agreed to the installation, then the extension began to send out malicious links to their friends — and everything followed the same algorithm for each of them over again. Users of other browsers were persistently reminded to update their Adobe Flash Player instead of being offered the extension. The file they downloaded turned out to be adware — essentially, malefactors used advertisements to earn their money.
Clicking the link led friends of the victim to this page. A fake YouTube page offering to install Google Chrome extensions.