Security researchers at Kaspersky Lab have spotted new malware targeting Facebook users. According to the researchers’ new report, there have been 10,000 victims in two days.
The malware has two stages. First, an unsuspecting victim gets a message from a Facebook friend saying that the friend had mentioned them in a comment. But when the victim clicks to see the comment, they instead download a bunch of malware, including a Chrome add-on that can take over the victim’s Facebook account once they log back in.
After that, anything is possible, including changes to privacy settings, data extraction, and so on. The victim’s account is also used to keep spreading the message, as well as to gather fraudulent likes and shares. The malware protects itself by trying to blacklist antivirus sites.