BitDefender security researcher come across a Polymorphic Facebook Scam attack that can lead users to 'adult chat page' or 'malware downloader' or 'phishing' or any other type of dangerous pages.
The scam disguised as an invite to view a leaked sex video. Once user clicked the link, it leads to site that replicates Facebook. Here, the user are asked to install a Divx plugin to view the video.
“This is an interesting and quite complex type of scam. In data security lingo, this would qualify as a polymorphic attack, which basically means that the malicious content served can be changed by the attacker thanks to the browser extension installed. If one user lands on the adult chat page, another may reach the malware downloader or even a whole different web page set up for phishing” stated Andrei Serbanoiu, Bitdefender Online Threats Analyst Programmer.
 |
| Image Credits: Bitdefender |
Once user installed the browser extension, it will take the victim different pages. In one of attack, the page leads to a sex video page. Here, the user are asked to download premium video player 7pic, which actually hides a piece of malicious code.
The extension also allows the scammer to take control of the user cookies to advertise the scam and 'like' and 'share' the scam page. This results in the victims’ friends being exposed and to the victim itself being subject to other possible attacks launched by means of links posted on the liked page.
To stay away from these type of attacks, users are advised to install the extension from trusted sources.
