Facebook malware spreading to users via Google Chrome

Discussion in 'malware problems & news' started by Dragon1952, Jun 30, 2016.

  1. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,174
    Location:
    Hollow Earth - Telos
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,361
    Another obfuscated .JS malware downloader that uses WSH to execute ransomware. Disable WSH so javascript droppers can't silently execute.
     
  3. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Isn't the title of the article is somewhat misleading? Does it infect via chrome only?
     
  4. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Yes. It's designed to infect others via Chrome.
    https://securelist.com/blog/incidents/75237/facebook-malware-tag-me-if-you-can/

    Extremely basic. Malicious extension for Chrome, autoit scripts to change browser shortcuts for Chrome/IE to load Chrome with the malicious extension. Malicious extension tags friends with a message that links to googledocs, and blocks the browser from accessing common AV/AM sites.

    Can't really imagine anyone here falling for this, and NormanF has the simplest solution to stop family from getting infected.
     
  5. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
    This is silly.

    It's made to sound like some high-end Chrome exploit.

    It uses google docs "https://drive.google.com/uc?export=download" to push a direct link. This is a straight browser agnostic download with prompts NOT a drive-by.

    Pure social engineering. Lame.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.