Malware behind Emma Watson Facebook videos

Scammers are increasingly using salacious pictures and videos to foist malware on unsuspecting victims. Their conduit of choice is often a well-known social media site such as Facebook, and the favourite subject of the pictures and videos has lately become well-known celebrities. Another such scam has surfaced in the last week.

Figure A shows that in 2012 Emma Watson placed number 1 in the “Most Dangerous Celebrities” list produced by McAfee.

[Figure A: Most Dangerous Celebrities 2012, top 10]

The scam is a purported video of Emma Watson. A message on Facebook contains a link that, when clicked, opens a realistic-looking YouTube window. However, the YouTube window displays the following message:

“Our system detected that you are using an outdated Video Player version, in order to watch videos on YouTube please update to the latest secured version of Video Player by clicking [the] ‘Upgrade Now’ button below. Once you download and install the update, refresh the browser to watch the video.”

Clicking on the “upgrade now” button installs the malware Trojan.Agent.BFQZ on the user’s system. The malware can then perform other actions, such as reposting the video on the user’s timeline, liking and following other posts (without the user knowing) and potentially downloading the Facebook colour changing malware. Liking and following other pages is especially pertinent, as often the pages that are liked are monetized pages.

The malware can also direct the user to survey sites, which are designed to extract the user’s credit card details and other forms of personally identifiable information.
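The fake player page described above has two traits a web or mail filter can check: fake-update wording and the YouTube name on a host that is not YouTube. The sketch below is an added example, not part of the original article or any MailShark product; the host allowlist, the verdict names and the sample URLs and page text are constructed assumptions, while the phrases come from the message quoted above.

```python
import re
from urllib.parse import urlsplit

# Hosts allowed to present themselves as YouTube (assumed allowlist).
YOUTUBE_HOSTS = ("youtube.com", "youtu.be")

# Phrases taken from the lure message quoted in the article.
LURE_PATTERNS = [
    r"outdated video player",
    r"update to the latest secured version",
    r"upgrade now",
    r"download and install the update",
]

def is_youtube_host(url):
    """True only for youtube.com / youtu.be or their subdomains."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Suffix match on a dot boundary, so youtube.com.<other domain> fails.
    return any(host == h or host.endswith("." + h) for h in YOUTUBE_HOSTS)

def normalise(text):
    """Straighten curly quotes, collapse whitespace, lower-case."""
    text = text.translate(str.maketrans("‘’“”", "''\"\""))
    return re.sub(r"\s+", " ", text).lower()

def assess_page(url, page_text):
    """Return (verdict, reasons) for a page reached from a social media link."""
    text = normalise(page_text)
    reasons = []
    hits = [p for p in LURE_PATTERNS if re.search(p, text)]
    if hits:
        reasons.append("fake-update wording: " + ", ".join(hits))
    if "youtube" in text and not is_youtube_host(url):
        reasons.append("YouTube named on a non-YouTube host")
    verdict = "block" if len(reasons) == 2 else "review" if reasons else "allow"
    return verdict, reasons

# Constructed samples (not captured from the real campaign).
SAMPLE_LURE = ("Our system detected that you are using an outdated Video Player "
               "version, in order to watch videos on YouTube please update ... "
               "by clicking ‘Upgrade Now’ button below.")
SAMPLES = [
    ("http://youtube.com.video-player.example/watch", SAMPLE_LURE),
    ("https://www.youtube.com/watch?v=constructed", "Watch videos on YouTube"),
    ("https://news.example/story", "A report that mentions YouTube in passing"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, assess_page(url, body))
```

A page that only names YouTube on another host gets "review" rather than "block", since ordinary news and blog pages do the same.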

Cyber criminals have identified Facebook scams as a good conduit. Just this year we have seen big scams relating to MH17 and Ebola. These two news items of 2014 have been used by cyber criminals to trick unsuspecting users into either installing malware or surrendering personal details, or both.

If you receive such messages on Facebook (or other social media), ignore them. If you are unsure of the veracity of a post on Facebook, a good place to check is the Australian Government’s “Stay Smart Online”, which provides up-to-date information on the latest scams.

Scott Reeves