Researchers at Trend Micro have discovered a scheme where criminals are using Facebook to distribute malware disguised as a Google Chrome video installer files. Users receive a message from a Facebook friend containing a shortened link. After clicking on the link, the user is redirected to a cloned Facebook page that automatically downloads a file entitled “Chrome_Video_installer.scr”. The file is designed to trick the user into believing that it is needed to play a video, but it is actually malware detected as TROJ_KILIM.EFLD. This variant attempted to download another file that researchers suspected may have been the final payload. However, the site has since been taken down. Security researchers noted that 36 per cent of the visitors of the fake Facebook page are in the Philippines, and U.S.
IT Security News Now
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street