A scam that promises naked videos of users’ Facebook friends has already hit more than 2,000 people, including many from Australia.
According to research released by Bitdefender Labs, the new scam has just started to make the rounds on Facebook, and has the ability to multiply itself and tag users’ friends.
Curious users who click to see their friends naked are quickly falling victim to the Trojan, which is virulently spreading across the social media network.
Able to quickly multiply itself, the scam redirects users who click the link to a fake YouTube website where a “FlashPlayer.exe” file deploys a Trojan.
The malware then installs a browser extension capable of posting the scam on a user’s behalf and stealing their Facebook pictures. According to Bitdefender, more than two million users have allegedly clicked on the infected “YouTube” link and more than 6,000 .tk websites have been registered for malicious purposes.
To avoid detection, cyber criminals have varied the messages attached to the scam, which include “[user’s name] private video”, “[user’s name] naked video” and “XXX private video”. Malware writers can also redirect users to fake surveys, toolbars, videos and converter downloads.
Additionally, a six-month study by Bitdefender revealed many other Facebook scams are now circulating. Tailored to user profile information, the faux-ads tout cheap pharmaceuticals, designer knock-offs and other products with the intention to collect sensitive personal information and solicit participation in SMS sweepstake scams.
Most notably, scammers are increasingly taking advantage of Facebook targeting tools and user trust in a trend reminiscent of traditional spam.
The study of 50,000 unique domains revealed pharmacy products account for 33 percent of these suspicious Facebook ads while replicas comprise 30 percent, dating accounts for 19 percent and gambling covers 18 percent.
Andrei Serbanoiu, an Online Threats Researcher at Bitdefender, said the rapid growth of the social network and precision of its advertising tools are prompting criminals to lure Facebook users with tempting offers that usually end in the theft of user data.
“The fact that the ads are encapsulated inside a trustworthy environment gives spammers a trust boost and definitely lures in more users than your average spam message,” Serbanoiu said.