Fraud Analyst Christopher Talampas reported the finding after receiving a message from a Facebook friend containing a shortened link.
After clicking the link, he was taken to an imitation Facebook page that automatically downloaded a file titled Chrome_Video_installer.scr. The file is designed to trick the user into believing that it is needed to play a video, but it is actually malware detected as TROJ_KILIM.EFLD.
This variant attempted to download another file that researchers suspected may have been the final payload. However, the site has since been taken down. Talamplas noted that 36 percent of visitors to the fake Facebook page are in the Philippines, and five percent are in the U.S.