Facebook Messenger has become the latest minefield for unwary computer users, thanks to a new variety of malware that has emerged over the past few months.
The malware is called Digmine and it disguises itself as a non-embedded video file, under the name video_xxxx.zip. Once the user clicks on this simulated video file, malware spreads, downloading files from a remote server.
The Hacker News reports on the Facebook Messenger scam, “If you receive a video file (packed in zip archive) sent by someone (or your friends) on your Facebook messenger — just don't click on it. Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices.”
The Burton Mail in the United Kingdom explains, “The scam sees victims met with a message, seeming to be from a friend, which says: ‘OMG! It's you?’ and has a link to what appears to be YouTube. However, when they click on the link, the link downloads malware onto the computer, allowing for similar messages to be sent from the victim's account. It is likely that the virus can then download on to victims' computers and be used to collect personal information that could be used to access bank accounts, although this has not been confirmed.”
In other instances, Facebook Messenger users click on a message that seems to log them out of their Facebook account and then displays what seemed to be standard Facebook login with text fields for the email and password. When they enter their credentials, they are then brought to a page with a Youtube-like link which downloads the malware. So now the hackers had their username and password, as well as infecting their computer.
Facebook recommends that anyone infected with this malware should change their password. If you use the same password for other accounts (which we do not advise – see our blog on creating safe passwords and passphrases), you will need to change those passwords immediately.
Avoiding hacks similar to this Facebook Messenger scam start with the computer and its programs. Facebook offers links for eliminating malicious add-ons and extensions. And PC Magazine provides a list of malware-fighting software, including free options.
However, the most important way to avoid this Facebook Messenger malware to be very careful about what links you click on.
“Watch what you click,” Ben Stegner of MakeUseOf.com warns. “This is basic advice that applies all over the internet, but it’s still worth a reminder here. Don’t ever click on something that you are unsure about or that doesn’t seem safe. It could be a Facebook ad or a message sent to you by a friend, but if looks shady, ignore it. Use a link unshortening service if you’re not sure whether a shortened URL is clean.”
If you are a victim of the Facebook Messenger scam, contact Sinu immediately. If you aren’t a Sinu customer and handling the issue yourself, here are some of the steps you can take, summarized from Ben Stegner’s article:
- Back up personal files
- Disconnect from the Internet
- Boot in safe mode or with a live antivirus rescue disk
- Use another computer with Internet access to resolve the issue
- Try to identify the actual malware and search for fixes
- Scan with multiple programs until no infections are found
- Clean up temporary files and worthless programs
- Delete “system restore”
- Fix post-malware removal problems
- Change passwords
Even the latest anti-malware and patches cannot prevent every attack. However, there are steps we can all take that can minimize the risk – from strong passwords to diligence about what you install and when you click on a link. If you have any questions about the security of your technology, give us a call and we would be happy to tell you about the Sinu Solution and how we keep your data safe.