Facebook is undeniably one of the most popular sites out there, enabling people around the world to meet and interact with just a few clicks and taps. Because of that popularity, the social networking site has also become a favorite place for cybercriminals to run their scams and take advantage of unsuspecting people.
Malware that takes the form of an innocent-looking notification has recently been seen spreading to Facebook users on Google Chrome. According to Hackread, a user will be notified of what seems to be a friend who tagged them in a comment on a Facebook post. If the user clicks on the notification, malware will be downloaded to the computer.
While downloading the file isn't enough to infect a computer, those who are not aware of how these scammers work might just execute the file, which will then activate the malware inside it.
In an analysis on StackExchange, one researcher stated that the program is a "typical obfuscated JavaScript malware" which takes advantage of the Windows Script Host to download the rest of its payload. The JavaScript file downloads what appears to be a Google Chrome extension (manifest.json and bg.js), the AutoIt Windows executable, and other AutoIt scripts which are suspected to possibly contain ransomware. "All of these files are named with .jpg extensions on the (likely-compromised) server they are hosted, to be less conspicuous," commented a programmer on the website.
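Because the payload files carry .jpg names but are not images, a content check catches what an extension-based filter misses. The following is an added example, not code from the StackExchange analysis: it classifies a file by its leading bytes and flags anything named like a JPEG that is not one. The sample file names and contents are constructed for illustration.

```python
import json

# Leading bytes ("magic numbers") for the file types named in the analysis.
JPEG_MAGIC = b"\xff\xd8\xff"
PE_MAGIC = b"MZ"  # Windows executables, such as the AutoIt interpreter


def classify(data: bytes) -> str:
    """Return the content type implied by the bytes, ignoring the file name."""
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(PE_MAGIC):
        return "pe-executable"
    try:
        text = data.decode("utf-8-sig")
    except UnicodeDecodeError:
        return "unknown-binary"
    try:
        obj = json.loads(text)
    except ValueError:
        return "text-or-script"  # e.g. JavaScript or an AutoIt script
    # A Chrome extension manifest is JSON with a manifest_version key.
    if isinstance(obj, dict) and "manifest_version" in obj:
        return "chrome-extension-manifest"
    return "json"


def disguised(name: str, data: bytes) -> bool:
    """True when a file named like a JPEG does not contain JPEG data."""
    return name.lower().endswith((".jpg", ".jpeg")) and classify(data) != "jpeg"


# Constructed samples (not taken from the real campaign).
SAMPLES = {
    "photo.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00",
    "tool.jpg": b"MZ\x90\x00\x03\x00\x00\x00",
    "manifest.jpg": b'{"manifest_version": 2, "background": {"scripts": ["bg.js"]}}',
    "bg.jpg": b"chrome.tabs.onUpdated.addListener(function () {});",
}


def scan(samples: dict) -> dict:
    """Map each disguised file name to the type its content really has."""
    return {n: classify(d) for n, d in samples.items() if disguised(n, d)}


if __name__ == "__main__":
    for name, kind in scan(SAMPLES).items():
        print(f"{name}: extension says JPEG, content is {kind}")
```

The same check can run on a download directory or on proxy-captured response bodies, where a .jpg URL returning executable or script content is worth an alert.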
The malware's behavior can be compared to the recently reported RAA ransomware, which takes advantage of JavaScript files in order to trick users into opening the file.
It is still not known whether the malware only targets Google Chrome users, or whether users of other browsers like Edge, Firefox, or Safari have experienced similar problems.
For now, we advise users of Facebook to be extra careful of what they click on, and stay away from elements that might compromise their accounts.
Source: Hackread