Being the largest social media platform in the world is quite the achievement, but it also comes with quite the responsibility. Users are bombarded very often with scamming advertisements of different nature, most of which get them to watch a video or visit an article. Usually these very same marketing tricks used as click bait work when malware is the object advertised, which is very bad news for security vendors and users. In this article we aim to show you some of the most notorious Facebook viruses out there and provide removal instructions in case you experience symptoms of those viruses on your computer. We have also included some tips on how to increase the protection against such threats in general.
Update July 2019! What is Facebook Virus? What does Facebook Virus do? How to get rid of Facebook Virus?
SIDENOTE: This post was originally published in September 2018. But we gave it an update in August 2019
The Facebook Viruses
Watch This Video Of You Facebook (Update August 2019)
Recently a SPAM wave of phishing sites related to the Facebook social network have been set against end users worldwide. These pages are usually hosted on similar sounding domain names and may use security certificates that are self-signed. There are several variants under which this threat can appear as:
- Phishing Login Pages — The users can be presented with fake login pages that copy down the exact page used by the social network. The title “Watch This Video of You Facebook” can be placed in the head of the page, as the title or somewhere inside the contents. If the users enter these pages then they will be asked to input their Facebook account data. This will automatically transmit it to the hacker operators.
- Malicious Facebook Applications — They can easily be uploaded to the Facebook page and appear as legitimate and useful plugins, extensions, games or applications. Using fake or hacked developer credentials the victims may be enticed into opening them. The descriptions will feature descriptions that will promise new additions and functionality.
- Multimedia Redirect Content — Using fake, hacked or automatically generated user profiles links to the dangerous content can be posted on their wall, story or in groups. In most cases the links can be hidden in URL shorteners or through link descriptions that can be related to other tools, games or sites.
The “Watch This Video of You Facebook” threat as a dangerous phishing threat will be used to harvest user data and report it to the hacker operators. They can use it to hijack their data and use it to commit other crimes like blackmail, identity theft and financial abuse.
If the virus is set to carry out other malicious actions they can include any of the following actions:
- Data Theft — In certain situations the effects of the threat can lead to the gathering of sensitive information. This is very dangerous as the information can be cross-referenced on other malware sites as well.
- Additional Payload Delivery — The “Watch This Video Of You Facebook” virus can be used as a conduit for spreading other threats. They can range from ransomware and Trojans to cryptocurrency miners.
- Site Redirects — This is a very dangerous action as it will automatically launch certain hacker-controlled pages as soon as the victim users access the plugin.
- Adware Content Display — As soon as the “Watch This Video of You Facebook” threat is accessed the hackers can include adware of various types that will be presented to the users: pop-ups, text links, banners and etc. For every displayed ad or user interaction the hackers will receive compensaion directly to their digital wallets.
Facebook Messenger Virus (Update May 2019)
Facebook Messenger has also been targeted by the so-called “viruses” and scams. An example of a malicious campaign that targets Messenger users is the [wplinkpreview url=”https://sensorstechforum.com/rietspoof-malware-messenger-skype/”] Rietspoof malware that was distributed in the wild via Facebook Messenger and Skype just a few months ago. The malware was discovered by Avast, and is a multi-stage threat that combines file formats to create a “more versatile malware”.
Shortly said, in its last campaigns, the malware was aiming to infect victims, gain persistence on affected systems, and download more malware as per the instructions it received from the command and control server.
Another example of a threat for Messenger users is a recent scam that features a video(.)bz link and the name of the targeted user. According to security experts, the link could redirect the user to a site that requires to reconnect to Facebook. Beware that this is just an attempt to steal Facebook’s login credentials to eventually take over the victim’s account. The Facebook Mesenger virus may also start sending bogus messages to the victim’s contacts.
|Short Description||Scams and malware campaigns that are using Messenger to spread further.|
|Symptoms||Victims may receive suspicious messages containing links in Messenger.|
The Secret Sister Gift Scam on Facebook (Update November 2018)
Pretending as a gifts exchange, the [wplinkpreview url=”https://sensorstechforum.com/secret-sister-gift-scam-facebook/”]Secret Sister Gift scam is the type of Facebook scam which is oriented towards stealing users’ money by getting them to pay 10$ on it’s landing page to begin exchanging gifts. In reality however, it brings nothing more than headaches to users.
|Short Description||A scam, posing as a service for gift exchange with an entry fee.|
|Symptoms||Posts various different types of scamming mesage|
Facebook Important Notice Virus
The Facebook important notice virus is a recent phishing tactics that can extract sensitive data from the victims. Its address will feature Facebook-related strings and it may also feature security certificates to further manipulate the victims into thinking that they have accessed a page belonging to the social network. The users will be shown a fake notification that asks them to a new terms of service agreement by interacting with a login page.
If they click the relevant button they will be redirected to a page that resembles the real Facebook login. If the targets input their account credentials they will automatically be redirected to the hacker operators who will take over control of the accounts. The scam pages will be distributed using the most popular tactics: spam email messages, redirects, browser hijackers and etc.
The “Posting from My Profile” Facebook Scam Virus[wplinkpreview url=”https://sensorstechforum.com/facebook-virus-posts-profile-picture-link/”]A virus, related to a suspicious Google Chrome browser extension, known as “YouTubeEx” has been reported to generate a post, appearing as it is from the official Facebook page of YouTube. The post simply had the word “Video” written on it and nothing else besides that. When the user clicks on this suspicious video, he or she experiences a browser redirect to a suspicious website that force-adds the suspicious browser extension. As soon as this extension Is added, it may obtain credentials of your Facebook account and begin sharing and posting from your Facebook profile.
|Short Description||A complicated virus which primarily posts on your behalf in social networks, but also may employ malware|
|Symptoms||Postings of viral videos on your behalf in Facebook. Sending messages to friends with malicious web links in them. Suspicious browser extension in your web browser.|
IKEA Katalog 2016 Table Swastika Facebook Virus
Few months ago a Facebook scam appeared spreading the image of an [wplinkpreview url=”https://sensorstechforum.com/ikeas-hadolf-swastika-shaped-table-is-a-facebook-scam/”]IKEA table looking like a swastika. Not only this but there was also a price for the table – 88 Euros. Interesting post, keeping in mind that it was originating from Duisburg, Germany and the number 88 is a sign used by Neo-nazis. Some believe the scam was made to boost IKEA’s reputation, some believe it is used as a click-bait to spread malware. Whatever the case may be the post was shared over 12,000 times.
|Short Description||A hoax IKEA brochure that may infect the computer with malware and redirect to multiple suspicious third-party websites.|
|Symptoms||An image of a dinner table dubbed Hadolf shaped like a swastika.|
“Small Humanoids Discovered In the U.S. Facebook” Virus Spam
This scam is probably one of the most popular I’ve stumbled onto from my “collection”. It represents a fake post of an article that says there have been [wplinkpreview url=”https://sensorstechforum.com/new-facebook-scam-small-humanoids/”]small human-like creatures that were discovered somewhere in the United States. It actually led to a suspicious third-party website that led them to the video. Users were asked to complete a survey to watch the video, though, which asked for their personal and financial information.
|Short Description||Leading to a third-party sites that prompts the completion of a survey to watch the video.|
|Symptoms||Transfers users to a third-party site instead of immediately letting them watch the video. The picture below featuring as a status update in Facebook News Feed from one of the user’s friends or a Facebook group.|
The “Zuckerberg has left Facebook” Virus
The [wplinkpreview url=”https://sensorstechforum.com/mark-zuckerberg-has-left-facebook-life-event-scam/”]“Zuckerberg has left Facebook” scam was as classic as it was genius. Someone, who understood coding made this, because whoever that was found a bug that could change life events, statuses and other interesting details of users. A researcher, named Sachin Thakuri discovered the bug, yet Facebook refused to fix it. This was a potentially dangerous scam, and it may have led to some people being pissed off for sure.
|Short Description||A virus spreading through a scam that takes advantage of a Facebook bug allowing it to manipulate life events of users.|
|Symptoms||Your life events, relationship status and other details may change and become public.|
Duplicate Profiles Facebook Virus
Ever received a Facebook invite from someone you know twice? Well, this [wplinkpreview url=”https://sensorstechforum.com/new-facebook-scam-fake-duplicate-accounts-fraud/”]Duplicate Profiles scam is one of the more modern ways to send you malware and infect your PC or smartphone. What the virus does is that it takes the friends list of the victim and then duplicates their profile to send another friend request and infect their computer via malicious attachments and chat messages. This is still on the loose, so beware!
|Short Description||Creates a duplicate profile of the victim to be used for malicious purposes, such as infecting his friends with malware.|
|Symptoms||Friend requests from a duplicate profile of yours sent to your Facebook buddies.|
The “Starbucks Gift Card” Facebook Virus
This hipster-Starbucks-loving oriented scam targeted mainly fans of the notorious company, asking them to share and invite friends to a fake Starbucks Facebook group. Classic way to boost a group and then change it’s name to what you want, right?
|Short Description||Displays a fake promotion asking to join a potentially hazardous Facebook group.|
|Symptoms||Shared posts of a promotion for Starbucks if you invite friends.|
The “Dislike Button” Facebook Malware
Remember back then, when Facebook had a new design and decided to allow only some users to test it? Well, this scam took advantage of that, pretending to allow only “few” to test the upcoming dislike button. There was no such thing, however.
|Short Description||Posts, advertising a fake dislike button that lead to malicious third-party website.|
|Symptoms||Added suspicious browser extensions, sluggish computer, posts from your profile and shares and automatic likes of unknown Facebook groups.|
The Facebook “Change Color” Facebook Virus
The [wplinkpreview url=”https://sensorstechforum.com/removal-of-facebook-change-color-virus/”]Facebook “Change Color” virus was as classic as it was widespread. It’s goal was to primarily advertise a dubious browser extension that collects your sensitive information and helps spread the scam further. No FB colors were harmed during the making of this scam, only personal information.
|Short Description||Steals valuable information on a victim`s PC via malware.|
|Symptoms||Users are redirected to fake Facebook phishing pages, pop-ups, online survey scams.|
The “You’ve got an iPhone” Phishing Facebook Virus
I mean sure it may work for some people, but it takes another level of no experience to click on this thing and enter your credit card details, besides seeing a scam for the first time in your life, of course. Either way, it appears that many fell for the [wplinkpreview url=”https://sensorstechforum.com/remove-youve-randomly-selected-test-new-iphone-9-ads/”]“You’ve got an iPhone” trick and may have entered their details. The suspected method of spreading is via unwanted software and ad-supported applications.
|Short Description||Pop-up pretending to be Facebook caused by a potentially unwanted application, installed via bundling.|
|Symptoms||“Every Monday we select one lucky visitor to get a special offer from our sponsors, as our “thank you” for being a loyal Facebook mobile user” message.|
The “Free Southwest Airlines Tickets” Facebook Virus
This virus begins to lead you towards a survey pretending to be from Facebook, but is actually a phishing web page, reported to also be malicious and use unauthorized tracking technologies. Whatever the case may be, this virus besides spreading in Facebook directly, could also be seen if you have a potentially unwanted program installed on your computer.
|Short Description||Fake event portraying free tickets if you enter your personal information.|
|Symptoms||Users may witness phishing pages, computer slowing down and pop-ups of the scam image above.|
The “My Secret Video” Facebook Virus
This scam attacked mobile devices, it was pretty clever at it too. Most hacked profiles posted on other profiles or their own timelines a video named “My secret video”. This was to sort out the inexperienced from experienced users. As soon as inexperienced user opens it, the scam displays a fake Android update, which is basically malware that aims to take control over your Android smartphone.
|Short Description||Redirect to a fake upgrade of Android, flash player or java.|
|Symptoms||After installing the malicious application the user may see posts on his Facebook profile without his consent.|
Photos of Ray-Ban Sunglasses Facebook Virus
Ever seen a sales page leading to an external link. Well, this is what makes such scams pretty slick. You can’t differentiate the actual retailer from the scamming or malicious web page. Well, you can but it kind of requires some experience. Slick and devious! Besides that this scam infects users with malware, it may also be spread via infected computers and compromised or inactive Facebook profiles.
|Short Description||Malicious smartphone application or browser extension that posts from your profile.|
|Symptoms||Unauthorized shared posts of Ray-Ban sunglasses.|
Nike Shoes Facebook Virus (Scam)
The Nike Shoes scam is one of the recent and new Facebook scams and is likely sent by the same people who are responsible for the Ray-Ban Facebook virus. The scam is likely spread via a very specific software that hijacks the Facebook profiles of victims and then begins posting from the victim’s compromised account.
The Nike Shoes scam may propagate via special software that not only hijacks your Facebook profile but hijacks your browsing activity in general. The possibilities of getting this software are many. And what is worse is that the malware may also spread across victims’ smartphones as well. One victim has reported the following, concerning the Nike Facebook Virus scam:
4 August at 09:06 ·
Dear Facebook I’m so tired of the SCAM ads that pop up…IE “Take this short survey”, “Nike shoes $7.00” and on and on! I report these every time but I still see them everyday? Like MySpace, Facebook is changing into one big commercial scam instead of what it was intended to be! Add in the fact that now we only see a small percentage of our friends post too. Facebook in the past always got better over time but in the last few years has gotten much worse! There is a wide open hole for a new social media platform that is scam free with better customer service! Mark Zuckerberg please fix this! #CP
The scam’s end goal is to take victims to a fake Nike Website, the idea of which is to enter your financial details and buy shoes that may not even arrive. Not only users risk their information by doing so, but they also risk all of they money as well, since the fake site does not have anything remotely to do with the original one:
|Short Description||Malicious smartphone application or PC browser extension that posts from your profile.|
|Symptoms||Unauthorized shared posts of Nike Shoes.|
Facebook Virus Posts Your Profile Picture With a Link
The discovery of this [wplinkpreview url=”https://sensorstechforum.com/facebook-virus-posts-profile-picture-link/”]Facebook virus originated from multiple reports from users of a virus that takes over your Facebook profile and posts your own profile picture to your friends, along with a malicious web link. Here is one of the reports from victims:
|Short Description||Works based on how a botnet operates. Aims to steal information.|
|Symptoms||Slow computer. Notifications from friends begin to appear on your Facebook timeline.|
Remove Facebook Viruses from Your Smartphone and Your PC
In case you have experienced the symptoms from the viruses above, we strongly recommend following the removal instructions below. They are carefully designed to help you remove these viruses from your computer and your smartphone.
Delete Facebook Virus from your smartphone
- Guide 1: How to Remove Facebook Virus from Windows.
- Guide 2: Get rid of Facebook Virus on Mac OS X.
- Guide 3: Remove Facebook Virus in Google Chrome.
- Guide 4: Erase Facebook Virus from Mozilla Firefox.
- Guide 5: Uninstall Facebook Virus from Microsoft Edge.
- Guide 6: Remove Facebook Virus from Safari.
- Guide 7: Eliminate Facebook Virus from Internet Explorer.
- Guide 8: Disable Facebook Virus Push Notifications in Your Browsers.
How to Remove Facebook Virus from Windows.
Step 1: Boot Your PC In Safe Mode to isolate and remove Facebook Virus
Step 2: Uninstall Facebook Virus and related software from Windows
Here is a method in few easy steps that should be able to uninstall most programs. No matter if you are using Windows 10, 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program are left behind, and that can lead to unstable work of your PC, errors with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it.
Step 3: Clean any registries, created by Facebook Virus on your computer.
The usually targeted registries of Windows machines are the following:
You can access them by opening the Windows registry editor and deleting any values, created by Facebook Virus there. This can happen by following the steps underneath:
Get rid of Facebook Virus from Mac OS X.
Step 1: Uninstall Facebook Virus and remove related files and objects
1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:
- Go to Finder.
- In the search bar type the name of the app that you want to remove.
- Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
- If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.
In case you cannot remove Facebook Virus via Step 1 above:
In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:
You can repeat the same procedure with the following other Library directories:
Tip: ~ is there on purpose, because it leads to more LaunchAgents.
Step 2: Scan for and remove Facebook Virus files from your Mac
When you are facing problems on your Mac as a result of unwanted scripts and programs such as Facebook Virus, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.
Remove Facebook Virus from Google Chrome.
Step 1: Start Google Chrome and open the drop menu
Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"
Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.
Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.
Erase Facebook Virus from Mozilla Firefox.
Step 1: Start Mozilla Firefox. Open the menu window
Step 2: Select the "Add-ons" icon from the menu.
Step 3: Select the unwanted extension and click "Remove"
Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.
Uninstall Facebook Virus from Microsoft Edge.
Step 1: Start Edge browser.
Step 2: Open the drop menu by clicking on the icon at the top right corner.
Step 3: From the drop menu select "Extensions".
Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.
Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.
Remove Facebook Virus from Safari.
Step 1: Start the Safari app.
Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.
Step 3: From the menu, click on "Preferences".
Step 4: After that, select the 'Extensions' Tab.
Step 5: Click once on the extension you want to remove.
Step 6: Click 'Uninstall'.
A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the Facebook Virus will be removed.
Eliminate Facebook Virus from Internet Explorer.
Step 1: Start Internet Explorer.
Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'
Step 3: In the 'Manage Add-ons' window.
Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.
Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.
Remove Push Notifications caused by Facebook Virus from Your Browsers.
Turn Off Push Notifications from Google Chrome
To disable any Push Notices from Google Chrome browser, please follow the steps below:
Step 1: Go to Settings in Chrome.
Step 2: In Settings, select “Advanced Settings”:
Step 3: Click “Content Settings”:
Step 4: Open “Notifications”:
Step 5: Click the three dots and choose Block, Edit or Remove options:
Remove Push Notifications on Firefox
Step 1: Go to Firefox Options.
Step 2: Go to “Settings”, type “notifications” in the search bar and click "Settings":
Step 3: Click “Remove” on any site you wish notifications gone and click “Save Changes”
Stop Push Notifications on Opera
Step 1: In Opera, press ALT+P to go to Settings
Step 2: In Setting search, type “Content” to go to Content Settings.
Step 3: Open Notifications:
Step 4: Do the same as you did with Google Chrome (explained below):
Eliminate Push Notifications on Safari
Step 1: Open Safari Preferences.
Step 2: Choose the domain from where you like push pop-ups gone and change to "Deny" from "Allow".