ESET researchers analysed a scam campaign on Facebook that spreads a malicious browser plugin via social engineering techniques.
The attack starts by luring a Facebook user into playing a video, most often titled “My first video”, “My video” or “Private video”. After clicking the link, victims land on a fake YouTube site that, instead of playing the video, tells them they must first install an additional browser extension.
The extension is a malicious version of the otherwise legitimate “Make a GIF” plug-in. ESET detects this threat as JS/Kilim.SO and JS/Kilim.RG and users of ESET security products are protected from it.
If the victim installs the malicious plug-in, the infected browser carries the infiltration further: the victim's Facebook wall is flooded with fake video posts that tag multiple friends from the friend list, and every friend who is online then receives an identical Messenger message with the same harmful link.
At the beginning of April 2016, ESET systems detected this threat more than 10,000 times in dozens of countries around the world. The campaign is spreading spam messages and abusing the Facebook accounts of infected users with a very high rate of success. At this point, the infiltration only targets Chrome users, but there is no guarantee that it will not be ported to other browsers in the future.
What should you do?
- Immediately remove the malicious “Make a GIF” extension from your Chrome browser.
(Go to Customize and control Google Chrome -> More tools -> Extensions -> Make a GIF -> Remove from Chrome.)
- Scan your computer with reliable antivirus software. If you don't have any security software installed on your personal computer, you can use ESET's free ESET Online Scanner.
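The removal step above assumes you know the extension is installed. On a machine you are cleaning, or across a fleet, it helps to enumerate what Chrome actually has on disk rather than trusting the Extensions page. The script below is an added example, not ESET's tooling or anything from the original article: it walks a Chrome profile's `Extensions` directory, reads each `manifest.json`, resolves the localized `__MSG_…__` names that many extensions use (so a "Make a GIF" name hidden behind a locale key is still matched), and flags anything whose name contains a given fragment. The profile path, the sample extension IDs and the sample manifests are constructed for the demo; the real malicious extension's ID and permissions are not known from the article, so nothing here claims to be its indicator.

```python
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# Assumed default extension store for a Linux Chrome profile; adjust per OS/profile.
DEFAULT_EXTENSIONS_DIR = Path.home() / ".config/google-chrome/Default/Extensions"


def resolve_i18n_name(ext_dir: Path, manifest: dict) -> str:
    """Resolve a '__MSG_key__' manifest name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2]
    locale = manifest.get("default_locale", "en")
    msg_file = ext_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(msg_file.read_text(encoding="utf-8-sig"))
        return messages[key]["message"]
    except (OSError, KeyError, ValueError, TypeError):
        return name  # leave the raw placeholder if the locale file is missing/broken


def list_extensions(extensions_dir: Path) -> List[Dict]:
    """Return one record per installed extension version found under extensions_dir."""
    found = []
    for ext_id_dir in sorted(p for p in extensions_dir.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_id_dir.iterdir() if p.is_dir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except ValueError:
                continue  # unreadable manifest: skip rather than crash the sweep
            found.append({
                "id": ext_id_dir.name,
                "version": manifest.get("version", version_dir.name),
                "name": resolve_i18n_name(version_dir, manifest),
                "permissions": manifest.get("permissions", []),
                "host_permissions": manifest.get("host_permissions", []),
            })
    return found


def find_by_name(extensions: List[Dict], fragment: str = "make a gif") -> List[Dict]:
    """Case-insensitive match on the resolved extension name."""
    return [e for e in extensions if fragment.lower() in e["name"].lower()]


def build_sample_profile() -> Path:
    """Constructed sample data (hypothetical IDs/manifests) so the script runs offline."""
    root = Path(tempfile.mkdtemp(prefix="chrome-ext-demo-"))
    # Extension 1: name hidden behind a locale placeholder, resolves to "Make a GIF".
    e1 = root / "aaaabbbbccccddddeeeeffffgggghhhh" / "1.0_0"
    (e1 / "_locales" / "en").mkdir(parents=True)
    (e1 / "manifest.json").write_text(json.dumps({
        "name": "__MSG_appName__", "default_locale": "en",
        "version": "1.0", "permissions": ["tabs"],
    }))
    (e1 / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appName": {"message": "Make a GIF"}}))
    # Extension 2: plain-named benign extension.
    e2 = root / "iiiijjjjkkkkllllmmmmnnnnooooppp" / "2.0_0"
    e2.mkdir(parents=True)
    (e2 / "manifest.json").write_text(json.dumps({"name": "Benign Notes", "version": "2.0"}))
    return root


if __name__ == "__main__":
    target = DEFAULT_EXTENSIONS_DIR if DEFAULT_EXTENSIONS_DIR.is_dir() else build_sample_profile()
    for ext in list_extensions(target):
        print(f"{ext['id']}  {ext['version']:>8}  {ext['name']}  perms={ext['permissions']}")
    for hit in find_by_name(list_extensions(target)):
        print(f"FLAGGED: {hit['id']} ({hit['name']}) - remove via chrome://extensions")
```

A name match is only a first pass: a malicious copy of a legitimate extension can reuse the legitimate name, so compare the extension ID and the manifest's permission set against a known-good install before deciding an entry is clean, and remember Chrome keeps the on-disk directory until the extension is removed from the profile.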
Additional details about the scam, as well as ESET’s recommendations to avoid falling victim to it, can be found on ESET Ireland’s official blog.