A new spam campaign tries to fool Facebook users into downloading malware by luring them to a fake YouTube page supposedly featuring a friend’s video.
According to a scam alert from research firm ESET, victims receive either a false notification that they were tagged in a friend’s timeline post, or a message purportedly sent by a friend via Messenger.
Typically titled “My first video,” “My video,” or “Private video,” the fake message compels users to click on a link that sends them to the phony YouTube website. There, the user is instructed to install a plug-in to view the content—but it’s actually malware that fills the victim’s wall with fake videos and sends the same “My first video” messages to that person’s friends, further propagating the threat.
To eliminate the threat, ESET advises victims to remove the plug-in, disguised as a “Make a GIF” app, from their browsers. Currently, the threat only impacts users of Google Chrome.