Facebook Messenger is in a tight spot at the moment. Even though the social media site is spending an excruciating amount of effort on keeping malware and other virus away from users, the messaging app came under heavy fire over the final months of 2017.
According to an investigation by Kaspersky Lab, hackers found a security exploit and swarmed the userbase with fake messages rigged with malware. If you carelessly follow the suspicious link, your account is either turned into a zombie proxy to continue spreading the corrupted messages or brainwashed into becoming a Bitcoin-mining slave.
Fake videos & Digmine sweatshops
Once the harm is done, users are left with an infected system that monitors their activity. The moment they log back into Facebook the malware copies their credentials, effectively creating a skeleton key of its own. Then the virus steals the contact list and chooses a set of new victims, sending them a message similar to the one that caused the original breach.
The Digmine virus works in a similar fashion. It targets people who are accessing Messenger via Chrome and baits people with the same fake video link, but instead of downloading malware victims are fooled into downloading a sneaky cryptocurrency mining bot that leeches their hardware power to generate money for the crooks.
As it stands now, Facebook has gated off the loophole that allowed people to send malware. However, the cryptocurrency-craze is still at large and new ways of exploiting people’s video cards surfaces every day.
Preventing an account hijack
Don’t get too agitated though, since the key to avoiding malware is in your hands. Exercise vigilance and a healthy dose of skepticism when receiving otherwise innocuous-looking links from a friend. If the message isn’t accompanied by a believable explanation, ask the sender about the shared content.
Malware is programmed to ‘possess’ someone’s account, meaning that it cannot reply to an inquiry. In most cases your friend will be just as clueless and, in fact, thank you for drawing attention to the issue. Beyond that, be sure to immediately stop following the link if you are forced to jump through several pages just to reach the content.
What to do if an accident happens?
On a final note, be on the lookout for fake games too. Facebook is chock full of funny little time-wasters, but occasionally an insidious trap passes into the vetting system. Even though fake games don’t qualify as viruses, they are programmed to siphon the player’s user credentialsand to trash the comment section with spam messages.
Tamás Ő.
Adam B.
User feedback