Home > Cyber News > Eko Malware Spread via Facebook Messenger Spam Campaign

Eko Malware Spread via Facebook Messenger Spam Campaign


Facebook is often targeted by spammers and scammers, scenarios which often lead to malware infiltration. Unfortunately, some of these campaigns may turn out to be more persistent than expected. Such a Facebook spam campaign, recently detected in France has caused quite the havoc. The magnitude of the campaign even caught the attention of the government which issued a formal warning several days ago. Because of the high number of infections, legal actions had to be taken.

Related: Facebook Virus Posts Your Profile Picture With a Link

Specifics of the Spam Campaign

Victims of the spam operations receive a message (in Facebook Messenger) with a video from someone in their friend list. The message contains a question about the identity of the person in the video. The link is masqueraded as a YouTube video uploaded online but is in fact a maliciously crafted one. Researchers say that the message is well-thought and engineered, and successfully convinces the victim. It has both the recipient’s name and photo for the preview of the spam link.

Malwarebytes researchers report that the personal messages contain the following elements:

  • The receiver’s profile picture (or other picture);
  • The receiver’s name;
  • The word “Video” juxtaposed beside the receiver’s name;
  • A link that says “xic.graphics” under the image, which is a fake YouTube video.

Users who open the link are taken to an installation of a Chrome browser extension needed for the video to be played. Needless to say, the extension is malicious and has a piece of malware dubbed Eko.

There are no indications that Eko is being delivered to users outside of France, but considering the growth and frequency of spam-delivering-malware campaigns, it is to be expected.

Precautionary Measures against Spam and Malware

Apparently, Facebook has taken things in their hands and is currently scanning and blocking the spam messages. In addition, France’s Interior Ministry issued a warning on October 4 via its Facebook page prompting users not to click on these links.

Victims of the spam campaigns are advised to go through their browser’s settings and remove the malicious extension (supposedly installed for the video to be played). Besides Google Chrome, other browsers may have been affected as well.

Also, make sure to keep your system protected at all times. Prevention is the best option against malicious software.

Below you will find some “classical” anti-spam approaches to consider in the future…

Anti-Spam Protection Tips

  • Employ anti-spam software, spam filters, aimed at examining incoming email. Such software serves to isolate spam from regular emails. Spam filters are designed to identify and detect spam, and prevent it from ever reaching your inbox. Make sure to add a spam filter to your email. Gmail users can refer to Google’s support page.
  • Don’t reply to dubious email messages and never interact with their content. Even an ‘unsubscribe’ link within the message body can turn out to be suspicious. If you respond to such a message, you will just send a confirmation of your own email address to cyber crooks.
  • Create a secondary email address to use whenever you need to register for a web service or sign up for something. Giving away your true email address on random websites is never a good idea.
  • Your email name should be tough to crack. Research indicates that email addresses with numbers, letters and underscores are tougher to crack and generally get less spam emails.
  • View your emails in plain text, and there’s a good reason why. Spam that is written in HTML may have code designed to redirect you to unwanted pages (e.g. advertising). Also, images within the email body can be used to ‘phone home’ spammers because they can use them to locate active emails for future spam campaigns. Thus, viewing emails in plain text appears to be the better option. To do so, navigate to your email’s main menu, go to Preferences and select the option to read emails in plain text.
  • Avoid posting your email address or a link to it on web pages. Spam bots and web spiders can locate email addresses. Thus, if you need to leave your email address, do it as it follows: NAME [at] MAIL [dot] com or something similar. You can also look for a contact form on the website – filling out that form shouldn’t reveal your email address or your identity.


Malware Removal Tool

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree