Facebook is fast becoming a popular platform for hackers who use blatant scams to lure the users and install malware on their machines. A recent barrage of videos about ghosts or other supernatural phenomenon makes use of this technique to possibly compromise user accounts.
According to Christopher Boyd of Malwarebytes, a number of scam videos are doing their rounds on Facebook. Many of these videos come with catchy or unusual titles, attempting to lure the user into clicking them. As soon as a user clicks one of these videos, he is then prompted to download and install a video player update. The update is, naturally, a malware which upon installation resides on your system.
Boyd has identified an eclectic list of the popular hoax videos which serve this malware campaign. This includes a fake ‘ghost attack’ video which leads to the installation of PUP.Optional.InstallBrain.A on the target machine. Similarly, another video purportedly shows an Aswang, which is a werewolf/vampire kind of a creature. Clicking this video prompts the users to download and install a malware shrouded in a software called ‘Scan your PC.’
Another video which serves a similar purpose is that of mermaids and clicking it leads to an installation of iLivid on your machine. The installation hides the real malware called PUP.Optional.Bandoo. Finally, there’s a shark video hoax which leads you to spam-infested pages upon clicking.
The worst part is that as soon as a contact or friend in your Facebook contacts list clicks one of these videos and installs a malware, the video is automatically shared from his account and starts spreading like wildfire. The only way to avoid such security-risk scams is to be on the alert while using Facebook and avoid clicking any suspicious videos.