Ah, porn: it’s the social engineering lure that never seems to fail. A new scam using a supposed porn video is going around Facebook, and it infected more than 110,000 users in just its first two days.
The gambit works like this: a Facebook friend will share a pornographic video clip to another friend’s wall, so it shows up in the news feed. This is an interesting tactic and should be a red flag right away, considering that most people like to keep their “personal” activities, well, personal. But if the postee, or anyone else who sees it in the news feed, clicks on the link, they will be prompted to install a Flash update. And that update of course is nothing but malware.
“The trojan tags the infected user’s friends in an enticing post,” explained security researcher Mohammad Faghani, in a post to the Full Disclosure mailing list. “The fake Flash player is the downloader of the actual malware.”
The malware is focused on propagation as well. Once it infects an account, it re-shares the supposed clip, tagging up to 20 friends. It’s a tactic that Faghani calls “Magnet,” and it’s a much more efficient way to go viral than sending person-to-person private messages.
Once installed, the malware can hijack victims’ keyboard and mouse movements.
Facebook said that it is working to block the scam and stop it from spreading further across the social network.
“We use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites,” the social network told Kaspersky Lab’s Threatpost. “We are blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook.”