In April and May of 2015, two social media updates widely shared on Facebook resulted in the infection of hundreds of thousands computing devices around the world. One of the updates was a post that enticed Facebook users to click on a link to a video that ostensibly featured an outrageous event involving a pregnant woman at the beach. The other update promised a sexy video.
Internet security experts who analyzed the two Facebook posts found that both were created for the purpose of distributing malware across social media circles. The two updates shared a couple of things in common: first of all, the introduction was enticing and impersonal; second, both posts tricked computer users into updating their Adobe Flash software or else download a different video player.
Agreeing to the purported download of the video player or Flash update resulted in the installation of malicious hidden applications that would either monitor the keystrokes of the infected device or else force the browser to display spam and navigate to other unwanted advertising pages. One of the updates even mimicked the layout of a Facebook page and asked users to input personal data so that they could be updated whenever new, shocking videos were available.
The above-mentioned Facebook updates are perfect examples of Trojan horse attacks, a common method to spread malware. In the past, malware was mostly spread through email chains and phony landing pages; these days, however, social networks are making it easy for malicious hackers to reach more victims.
Social networking features such as sharing and tagging are being widely abused for the purpose of distributing malware. The fake sexy video post, for example, was programmed to also infect the Facebook account of the victim so that the update would be shared automatically while also tagging up to 20 friends.
Malware distributors are becoming very keen observers of the dynamics of online social networks; to that end, they know how to craft a social media update that would entice an unsuspecting victim to click. In other words, they know what could make their posts “go viral” so that they can be spread like wildfire on Facebook and other popular social media platforms.