Fatal Porn-based tagging malware infects thousands of Facebook accounts

It’s time to adjust your Facebook privacy settings as the famous social networking site is attacked by a fatal Porn-based tagging malware infecting thousands of Facebook accounts. Though it is not the first time that Facebook has been infected with a malware attack, but for this time the attack seems very perfect and takes over the control of the user’s device without leaving any suspicion.

HotForSecurity reports that last weekend the malicious tagging campaign infected at least 5 thousand computer users using the backdoor, and the campaign is still very much active.

How does this Tagging malware spread

tagging malware

The tagging malware spreads with an alleged video that tags perfectly 20 friends. The attackers ensure that an eye catching video that invites attention is different every time. The video shows the goo.gl host which is a URL shortening service and not a video hosting one.  Users who click on the video are directed to an external page where their browser’s information and OS details are analyzed by the attackers.

HotforSecurity says, that the OS check is quite thorough and include scenarios for multiple operating systems, ranging from Android mobiles to PlayStation consoles, media players, smart cars, TV sets and even dumb phones. If the user is browsing from any of these “low-interaction terminals” they are redirected to an SMS fraud service that tries to hook you up with a useless premium service for as low as €3.00 / $3.5.

This intrusion happens through a series of redirects, including one stopover to a mobile traffic monitoring service that provide hackers with insight about how many victims reached the scam and how many of them actually fell for it.

The malware also directs some users to a fake Facebook page asking for a Flash Player update to watch the video which is nothing but a porn clip seemingly better than the original video shown at the beginning.

Users who go for Flash Player update  end up downloading a SFX file  which, when clicked installs two pieces of malware contained within, called install.exe (detected by Bitdefender as Gen:Variant.Graftor.172986) and setup.exe (detected as Gen:Variant.Symmi.49919). The former is a generic backdoor that can be used to install various other malicious components, while the latter is responsible with propagating the scam on the Facebook accounts of the compromised victims.

Avoiding tagging malware

Users are best advised to first install an antimalware program on their Windows PC and keep an updated one. Be vigilant if your Facebook contacts would actually share a porn video on their wall, and even if someone has posted avoid clicking.

Secure your Facebook account and ensure that your privacy settings are such that it asks for your permission to display the content you’re tagged in to your followers, says HotForSecurity.

Be alert, be safe.

Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.