Facebook malware spreading to users via Google Chrome

Discussion in 'malware problems & news' started by Dragon1952, Jun 30, 2016.

  1. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,093
    Location:
    Hollow Earth - Telos
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    Another obfuscated .JS malware downloader that uses WSH to execute ransomware. Disable WSH so JavaScript droppers can't silently execute.
     
  3. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Isn't the title of the article somewhat misleading? Does it infect via Chrome only?
     
  4. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    Yes. It's designed to infect others via Chrome.
    https://securelist.com/blog/incidents/75237/facebook-malware-tag-me-if-you-can/

    Extremely basic. Malicious extension for Chrome, AutoIt scripts to change browser shortcuts for Chrome/IE to load Chrome with the malicious extension. Malicious extension tags friends with a message that links to Google Docs, and blocks the browser from accessing common AV/AM sites.

    Can't really imagine anyone here falling for this, and NormanF has the simplest solution to stop family from getting infected.
     
  5. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    This is silly.

    It's made to sound like some high-end Chrome exploit.

    It uses Google Docs "https://drive.google.com/uc?export=download" to push a direct link. This is a straight browser-agnostic download with prompts, NOT a drive-by.

    Pure social engineering. Lame.
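
An added example, not part of any post in this thread and not code from the linked Securelist write-up: a read-only PowerShell audit for the two things the replies describe, whether WSH is still enabled (post 2) and whether browser shortcuts have been changed to load Chrome with an extension (post 4). The folder list, the check for Chrome's `--load-extension` switch and the other heuristics are assumptions chosen for illustration; the thread does not say how the shortcuts were altered.

```powershell
# Added example: defensive, read-only audit. Changes nothing on the system.
# Part 1: report whether Windows Script Host is disabled (mitigation from post 2).
$wshKeys = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
           'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
foreach ($key in $wshKeys) {
    $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    # WSH is on by default; only an explicit 0 (REG_SZ or DWORD) turns it off.
    $state = if ("$enabled" -eq '0') { 'disabled' } else { 'ENABLED' }
    '{0} -> WSH {1}' -f $key, $state
}

# Part 2: look for tampered browser shortcuts (behaviour described in post 4).
$shell = New-Object -ComObject WScript.Shell
$dirs = [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')

$findings = foreach ($lnk in Get-ChildItem -Path $dirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $sc = $shell.CreateShortcut($lnk.FullName)   # opens the existing .lnk for reading
    $reasons = @()
    # Assumption: an extension forced via shortcut uses Chrome's --load-extension switch.
    if ($sc.TargetPath -match 'chrome\.exe$' -and $sc.Arguments -match '--load-extension') {
        $reasons += 'Chrome launched with --load-extension'
    }
    # A shortcut named for Internet Explorer whose target is actually Chrome.
    if ($lnk.BaseName -match 'Internet Explorer' -and $sc.TargetPath -match 'chrome\.exe$') {
        $reasons += 'IE-named shortcut points at Chrome'
    }
    # A browser shortcut routed through a script host or interpreter.
    if ($lnk.BaseName -match 'Chrome|Internet Explorer' -and
        $sc.TargetPath -match '(wscript|cscript|cmd|powershell|autoit3?)\.exe$') {
        $reasons += 'browser shortcut targets a script host'
    }
    if ($reasons) {
        [pscustomobject]@{ Shortcut  = $lnk.FullName
                           Target    = $sc.TargetPath
                           Arguments = $sc.Arguments
                           Reason    = $reasons -join '; ' }
    }
}
if ($findings) { $findings | Format-List } else { 'No suspicious browser shortcuts found.' }
```

To apply the mitigation from post 2, set the `Enabled` value to 0 under the HKLM key shown above from an elevated prompt.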
     