New Sneaky Methods Emerge In Fast-Spreading Facebook Tagging Scam

Posted on February 12, 2015 by .

Share and Enjoy:
Follow Me on Pinterest More More

It is just about every day that some new type of scam emerges on the social networking giant Facebook, which harbors over one billion people around the world now.

Two weeks ago a special type of scam appeared on Facebook where it is a post on a Facebook account wall claiming to be a private video with an enticing image, an image that bares NSFW content as shown in the sample image below. The post starts off with several friends being tagged to it further facilitating the spread of the post.

Sample image of Facebook Tagging Scam Post – Source: HotforSecurity

Probably one of the more discerning parts of this scam is that it automatically tags several Facebook friends through seeking out associated Facebook friends of the account that the attackers have access to. By tagging several other friends on a post, Facebook will notify each of the individuals and they will be apt to clicking on the post thus spreading it on to other Facebook friends of theirs. Rather a clever technique if you ask us.

Clicking on the link will then redirect web browsers to an external page through an anonymized service mimicking the look of Facebook that shows an alleged YouTube video. What the post uses is a sophisticated and encrypted JavaScript code that identifies the victim’s web browser and operating system, no matter if it is on a Mac OSX system or Windows PC. From there, the script will initiate the installation of a Chrome browser extension, which has been found to be malicious.

What has been discovered about the malicious Chrome extension that installs through this Facebook scam, is that it is able to act in behalf of the computer user and modify data appearing on websites that the user accesses. The use of obfuscated JavaScript functions is a fairly new technique to be used through a social network scam. Such an instance is something that is rarely successful, until now.

The browser extensions that have propagated in this Facebook scam are able to rides in the web browser. Its coding, mostly consisting of encrypted JavaScript, points to another website controlled by the hackers who have orchestrated this scheme. Several files identified in this scam, including sssssefv.js and background.js, may avoid detection to a certain point.

The controller of the malicious files through its clever encrypted JavaScript code is able to create anonymized links and fetch photos to be used as baited Facebook posts. It also goes as far as to create short URL links for each Facebook post, all in an automated fashion.

Such a clever and automated threat on Facebook could be the start to a new type of scam that attacks users by the droves. Ultimately, Facebook scams like these could easily allow hackers and cybercrooks to cash in by taking over functions through Facebook and eventually controlling computer’s to perform other malicious acts over the internet. The possibilities are virtually endless.

Popularity: 3%

Leave a Reply

To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word