New Facebook Tagging Scam Is in the Wild, Containing Malware That Can Infect Every Device

It seems that scams and hoaxes really are part of a typical Facebook day. After previous reports of a privacy notice post hoax spreading on the social networking website, another type of scamming act is currently making the website’s rounds
New Facebook Tagging Scam Is in the Wild, Containing Malware That Can Infect Every Device
2/2/2015
Updated:
2/2/2015

It seems that scams and hoaxes really are part of a typical Facebook day. After previous reports of a privacy notice post hoax spreading on the social networking website, another type of scamming act is currently making the website’s rounds, where it has been reported that at least 5,000 computers have been infected with a backdoor trojan.

Bogdan Botezatu of HotforSecurity reports that cyber criminals have created a malicious tagging scam, that starts with an alleged “video,” in which 20 friends are tagged in. Looking at the “video” in the Facebook post, it displays a goo.gl host, which is a URL shortening service, and not a video hosting website, which makes the post very suspicious.

Botezatu explains further:

Users who click the respective video are sent to an external page, where their user-agent (the browser and operating system identifiers) are analyzed so hackers know where to redirect the victim. After all, it wouldn’t make any sense to redirect an Android user to Windows malware, would it?

The webpage where users are redirected to reportedly does a thorough scan of the victim’s system. The page is apparently device-agnostic, and can serve malware to various devices like Android phones, PC’s, PlayStation consoles, TV sets, smart cars, and media players.

Even so-called “dumb phones” are part of the action, as the criminals behind the scam will then redirect the user to an SMS fraud service that will try to lure the user into subscribing to a useless premium service.

If the victim is running a Windows PC, the user is then redirected to another Facebook page where the person is prompted to download a “Flash player” to be able to view the video.

Republished with permission from Neowin. Read full article