Shortened URLs, which supposedly lead to a risqué webcam video on YouTube, are actually spreading malware to duped Facebook users, researchers warn.   

Bitdefender Labs revealed that scammers created over 20,000 unique URLs, which they in turn used to redirect victims to malicious websites hosting the bait video, The Guardian reported Monday. Facebook users are presented with the “video” via infected friends’ timelines, and attackers obscure the destination address of the link by using URL shortening service Bitly.

Those hoping to catch a glimpse of the video believe they are installing an Adobe Flash update, but they instead download malware detected as “Trojan.Agent.BDYV.” The threat spreads by tagging victims’ Facebook friends and “preventing infected users from deleting its posts from their timelines,” The Guardian article warned.

The data-stealing malware works in Chrome and Firefox web browsers, Bitdefender told the outlet, and appears to have been developed in Albania.