Thousands of Facebook Users Hit With Malware Attack

Facebook has become a hotbed for phishing schemes, and it is only getting worse. Kaspersky Labs researchers discovered a scheme that tricked some 10-thousand Facebook users into infecting their devices with malware.

A Kaspersky blog post details exactly how the scheme worked.

• Between the 24th and 27th June, thousands of unsuspecting consumers received a message from a Facebook friend saying they'd mentioned them in a comment. The message had in fact been initiated by attackers and unleashed a two-stage attack.  The first stage downloaded a Trojan onto the user's computer that installed, among other things, a malicious Chrome browser extension.
• This enabled the second stage, the takeover of the victim's Facebook account when they logged back into Facebook through the compromised browser. A successful attack gave the threat actor the ability to change privacy settings, extract data and more, allowing it to spread the infection through the victim's Facebook friends or undertake other malicious activity such as spam, identity theft and generating fraudulent 'likes' and 'shares'.
• The malware tried to protect itself by black-listing access to certain websites, such as those belonging to security software vendors. 

Facebook has blocked the threat, but it remains unclear as to exactly how many devices were infected, but there was an upside in the scheme

"Two aspects of this attack stand out.  Firstly, the delivery of the malware was extremely efficient, reaching thousands of users in only 48 hours. Secondly, the response from consumers and the media was almost as fast. Their reaction raised awareness of the campaign and drove prompt action and investigation by the providers concerned," said Ido Naor, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

Facebook, in general, is filled with phishing schemes. Every 'quiz' or 'app' you allow to access your information is just an agreement for the companies to access and sell your information. The best way to avoid becoming a victim is to read the fine print in everything, and always think before you click.