Incident Response, Malware, Network Security, TDR

Facebook scam promises friend’s video, delivers malware instead


A new spam campaign tries to fool Facebook users into downloading malware by luring them to a fake YouTube page supposedly featuring a friend's video.

According to a scam alert from research firm ESET, victims receive either a false notification that they were tagged in a friend's timeline post, or a message purportedly sent by a friend via Messenger.

Typically titled “My first video,” “My video,” or “Private video,” the fake message compels users to click on a link that sends them to the phony YouTube website. There, the user is instructed to install a plug-in to view the content—but it's actually malware that fills the victim's wall with fake videos and sends the same “My first video” messages to that person's friends, further propagating the threat.

To eliminate the threat, ESET advises victims to remove the plug-in, disguised as a “Make a GIF” app, from their browsers. Currently, the threat only impacts users of Google Chrome.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.