A massive adware campaign is being spread through Facebook Messenger, a security researcher found.
How the campaign is spreading links through Facebook is unclear, but the campaign involves many domains to avoid tracking and “advanced and obfuscated” code, according to a blog post by Kaspersky Lab researcher David Jacoby.
Victims receive what appears to be a video link from a Facebook friend, but that link opens up a Google Doc landing page that redirects victims to other websites according to their browsers, operating systems and other settings. For example, a Chrome browser user may be directed to a fake YouTube site and tricked into downloading a phony browser extension, or a Firefox user may be asked to update Flash Media Player. In both cases, they’d be downloading adware instead.
“As far as I can see no actual malware (Trojans, exploits) are being downloaded but the people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” Jacoby wrote.