Being the largest social media platform in the world is quite the achievement, but it also comes with quite the responsibility. Users are bombarded very often with scamming advertisements of different nature, most of which get them to watch a video or visit an article. Usually these very same marketing tricks used as click bait work when malware is the object advertised, which is very bad news for security vendors and users. In this article we aim to show you some of the most notorious Facebook viruses out there and provide removal instructions in case you experience symptoms of those viruses on your computer. We have also included some tips on how to increase the protection against such threats in general.
Update July 2019! What is Facebook Virus? What does Facebook Virus do? How to get rid of Facebook Virus?
SIDENOTE: This post was originally published in September 2018. But we gave it an update in August 2019
The Facebook Viruses
Watch This Video Of You Facebook (Update August 2019)
Recently a SPAM wave of phishing sites related to the Facebook social network have been set against end users worldwide. These pages are usually hosted on similar sounding domain names and may use security certificates that are self-signed. There are several variants under which this threat can appear as:
- Phishing Login Pages — The users can be presented with fake login pages that copy down the exact page used by the social network. The title “Watch This Video of You Facebook” can be placed in the head of the page, as the title or somewhere inside the contents. If the users enter these pages then they will be asked to input their Facebook account data. This will automatically transmit it to the hacker operators.
- Malicious Facebook Applications — They can easily be uploaded to the Facebook page and appear as legitimate and useful plugins, extensions, games or applications. Using fake or hacked developer credentials the victims may be enticed into opening them. The descriptions will feature descriptions that will promise new additions and functionality.
- Multimedia Redirect Content — Using fake, hacked or automatically generated user profiles links to the dangerous content can be posted on their wall, story or in groups. In most cases the links can be hidden in URL shorteners or through link descriptions that can be related to other tools, games or sites.
The “Watch This Video of You Facebook” threat as a dangerous phishing threat will be used to harvest user data and report it to the hacker operators. They can use it to hijack their data and use it to commit other crimes like blackmail, identity theft and financial abuse.
If the virus is set to carry out other malicious actions they can include any of the following actions:
- Data Theft — In certain situations the effects of the threat can lead to the gathering of sensitive information. This is very dangerous as the information can be cross-referenced on other malware sites as well.
- Additional Payload Delivery — The “Watch This Video Of You Facebook” virus can be used as a conduit for spreading other threats. They can range from ransomware and Trojans to cryptocurrency miners.
- Site Redirects — This is a very dangerous action as it will automatically launch certain hacker-controlled pages as soon as the victim users access the plugin.
- Adware Content Display — As soon as the “Watch This Video of You Facebook” threat is accessed the hackers can include adware of various types that will be presented to the users: pop-ups, text links, banners and etc. For every displayed ad or user interaction the hackers will receive compensaion directly to their digital wallets.
Facebook Messenger Virus (Update May 2019)
Facebook Messenger has also been targeted by the so-called “viruses” and scams. An example of a malicious campaign that targets Messenger users is theRietspoof malware that was distributed in the wild via Facebook Messenger and Skype just a few months ago. The malware was discovered by Avast, and is a multi-stage threat that combines file formats to create a “more versatile malware”.
Shortly said, in its last campaigns, the malware was aiming to infect victims, gain persistence on affected systems, and download more malware as per the instructions it received from the command and control server.
Another example of a threat for Messenger users is a recent scam that features a video(.)bz link and the name of the targeted user. According to security experts, the link could redirect the user to a site that requires to reconnect to Facebook. Beware that this is just an attempt to steal Facebook’s login credentials to eventually take over the victim’s account. The Facebook Mesenger virus may also start sending bogus messages to the victim’s contacts.
|Short Description||Scams and malware campaigns that are using Messenger to spread further.|
|Symptoms||Victims may receive suspicious messages containing links in Messenger.|
The Secret Sister Gift Scam on Facebook (Update November 2018)
Pretending as a gifts exchange, theSecret Sister Gift scam is the type of Facebook scam which is oriented towards stealing users’ money by getting them to pay 10$ on it’s landing page to begin exchanging gifts. In reality however, it brings nothing more than headaches to users.
|Short Description||A scam, posing as a service for gift exchange with an entry fee.|
|Symptoms||Posts various different types of scamming mesage|
Facebook Important Notice Virus
The Facebook important notice virus is a recent phishing tactics that can extract sensitive data from the victims. Its address will feature Facebook-related strings and it may also feature security certificates to further manipulate the victims into thinking that they have accessed a page belonging to the social network. The users will be shown a fake notification that asks them to a new terms of service agreement by interacting with a login page.
If they click the relevant button they will be redirected to a page that resembles the real Facebook login. If the targets input their account credentials they will automatically be redirected to the hacker operators who will take over control of the accounts. The scam pages will be distributed using the most popular tactics: spam email messages, redirects, browser hijackers and etc.
The “Posting from My Profile” Facebook Scam VirusA virus, related to a suspicious Google Chrome browser extension, known as “YouTubeEx” has been reported to generate a post, appearing as it is from the official Facebook page of YouTube. The post simply had the word “Video” written on it and nothing else besides that. When the user clicks on this suspicious video, he or she experiences a browser redirect to a suspicious website that force-adds the suspicious browser extension. As soon as this extension Is added, it may obtain credentials of your Facebook account and begin sharing and posting from your Facebook profile.
|Short Description||A complicated virus which primarily posts on your behalf in social networks, but also may employ malware|
|Symptoms||Postings of viral videos on your behalf in Facebook. Sending messages to friends with malicious web links in them. Suspicious browser extension in your web browser.|
IKEA Katalog 2016 Table Swastika Facebook Virus
Few months ago a Facebook scam appeared spreading the image of anIKEA table looking like a swastika. Not only this but there was also a price for the table – 88 Euros. Interesting post, keeping in mind that it was originating from Duisburg, Germany and the number 88 is a sign used by Neo-nazis. Some believe the scam was made to boost IKEA’s reputation, some believe it is used as a click-bait to spread malware. Whatever the case may be the post was shared over 12,000 times.
|Short Description||A hoax IKEA brochure that may infect the computer with malware and redirect to multiple suspicious third-party websites.|
|Symptoms||An image of a dinner table dubbed Hadolf shaped like a swastika.|
“Small Humanoids Discovered In the U.S. Facebook” Virus Spam
This scam is probably one of the most popular I’ve stumbled onto from my “collection”. It represents a fake post of an article that says there have beensmall human-like creatures that were discovered somewhere in the United States. It actually led to a suspicious third-party website that led them to the video. Users were asked to complete a survey to watch the video, though, which asked for their personal and financial information.
|Short Description||Leading to a third-party sites that prompts the completion of a survey to watch the video.|
|Symptoms||Transfers users to a third-party site instead of immediately letting them watch the video. The picture below featuring as a status update in Facebook News Feed from one of the user’s friends or a Facebook group.|
The “Zuckerberg has left Facebook” Virus
The“Zuckerberg has left Facebook” scam was as classic as it was genius. Someone, who understood coding made this, because whoever that was found a bug that could change life events, statuses and other interesting details of users. A researcher, named Sachin Thakuri discovered the bug, yet Facebook refused to fix it. This was a potentially dangerous scam, and it may have led to some people being pissed off for sure.
|Short Description||A virus spreading through a scam that takes advantage of a Facebook bug allowing it to manipulate life events of users.|
|Symptoms||Your life events, relationship status and other details may change and become public.|
Duplicate Profiles Facebook Virus
Ever received a Facebook invite from someone you know twice? Well, thisDuplicate Profiles scam is one of the more modern ways to send you malware and infect your PC or smartphone. What the virus does is that it takes the friends list of the victim and then duplicates their profile to send another friend request and infect their computer via malicious attachments and chat messages. This is still on the loose, so beware!
|Short Description||Creates a duplicate profile of the victim to be used for malicious purposes, such as infecting his friends with malware.|
|Symptoms||Friend requests from a duplicate profile of yours sent to your Facebook buddies.|
The “Starbucks Gift Card” Facebook Virus
This hipster-Starbucks-loving oriented scam targeted mainly fans of the notorious company, asking them to share and invite friends to a fake Starbucks Facebook group. Classic way to boost a group and then change it’s name to what you want, right?
|Short Description||Displays a fake promotion asking to join a potentially hazardous Facebook group.|
|Symptoms||Shared posts of a promotion for Starbucks if you invite friends.|
The “Dislike Button” Facebook Malware
Remember back then, when Facebook had a new design and decided to allow only some users to test it? Well, this scam took advantage of that, pretending to allow only “few” to test the upcoming dislike button. There was no such thing, however.
|Short Description||Posts, advertising a fake dislike button that lead to malicious third-party website.|
|Symptoms||Added suspicious browser extensions, sluggish computer, posts from your profile and shares and automatic likes of unknown Facebook groups.|
The Facebook “Change Color” Facebook Virus
TheFacebook “Change Color” virus was as classic as it was widespread. It’s goal was to primarily advertise a dubious browser extension that collects your sensitive information and helps spread the scam further. No FB colors were harmed during the making of this scam, only personal information.
|Short Description||Steals valuable information on a victim`s PC via malware.|
|Symptoms||Users are redirected to fake Facebook phishing pages, pop-ups, online survey scams.|
The “You’ve got an iPhone” Phishing Facebook Virus
I mean sure it may work for some people, but it takes another level of no experience to click on this thing and enter your credit card details, besides seeing a scam for the first time in your life, of course. Either way, it appears that many fell for the“You’ve got an iPhone” trick and may have entered their details. The suspected method of spreading is via unwanted software and ad-supported applications.
|Short Description||Pop-up pretending to be Facebook caused by a potentially unwanted application, installed via bundling.|
|Symptoms||“Every Monday we select one lucky visitor to get a special offer from our sponsors, as our “thank you” for being a loyal Facebook mobile user” message.|
The “Free Southwest Airlines Tickets” Facebook Virus
This virus begins to lead you towards a survey pretending to be from Facebook, but is actually a phishing web page, reported to also be malicious and use unauthorized tracking technologies. Whatever the case may be, this virus besides spreading in Facebook directly, could also be seen if you have a potentially unwanted program installed on your computer.
|Short Description||Fake event portraying free tickets if you enter your personal information.|
|Symptoms||Users may witness phishing pages, computer slowing down and pop-ups of the scam image above.|
The “My Secret Video” Facebook Virus
This scam attacked mobile devices, it was pretty clever at it too. Most hacked profiles posted on other profiles or their own timelines a video named “My secret video”. This was to sort out the inexperienced from experienced users. As soon as inexperienced user opens it, the scam displays a fake Android update, which is basically malware that aims to take control over your Android smartphone.
|Short Description||Redirect to a fake upgrade of Android, flash player or java.|
|Symptoms||After installing the malicious application the user may see posts on his Facebook profile without his consent.|
Photos of Ray-Ban Sunglasses Facebook Virus
Ever seen a sales page leading to an external link. Well, this is what makes such scams pretty slick. You can’t differentiate the actual retailer from the scamming or malicious web page. Well, you can but it kind of requires some experience. Slick and devious! Besides that this scam infects users with malware, it may also be spread via infected computers and compromised or inactive Facebook profiles.
|Short Description||Malicious smartphone application or browser extension that posts from your profile.|
|Symptoms||Unauthorized shared posts of Ray-Ban sunglasses.|
Nike Shoes Facebook Virus (Scam)
The Nike Shoes scam is one of the recent and new Facebook scams and is likely sent by the same people who are responsible for the Ray-Ban Facebook virus. The scam is likely spread via a very specific software that hijacks the Facebook profiles of victims and then begins posting from the victim’s compromised account.
The Nike Shoes scam may propagate via special software that not only hijacks your Facebook profile but hijacks your browsing activity in general. The possibilities of getting this software are many. And what is worse is that the malware may also spread across victims’ smartphones as well. One victim has reported the following, concerning the Nike Facebook Virus scam:
4 August at 09:06 ·
Dear Facebook I’m so tired of the SCAM ads that pop up…IE “Take this short survey”, “Nike shoes $7.00” and on and on! I report these every time but I still see them everyday? Like MySpace, Facebook is changing into one big commercial scam instead of what it was intended to be! Add in the fact that now we only see a small percentage of our friends post too. Facebook in the past always got better over time but in the last few years has gotten much worse! There is a wide open hole for a new social media platform that is scam free with better customer service! Mark Zuckerberg please fix this! #CP
The scam’s end goal is to take victims to a fake Nike Website, the idea of which is to enter your financial details and buy shoes that may not even arrive. Not only users risk their information by doing so, but they also risk all of they money as well, since the fake site does not have anything remotely to do with the original one:
|Short Description||Malicious smartphone application or PC browser extension that posts from your profile.|
|Symptoms||Unauthorized shared posts of Nike Shoes.|
Facebook Virus Posts Your Profile Picture With a Link
The discovery of thisFacebook virus originated from multiple reports from users of a virus that takes over your Facebook profile and posts your own profile picture to your friends, along with a malicious web link. Here is one of the reports from victims:
|Short Description||Works based on how a botnet operates. Aims to steal information.|
|Symptoms||Slow computer. Notifications from friends begin to appear on your Facebook timeline.|
Remove Facebook Viruses from Your Smartphone and Your PC
In case you have experienced the symptoms from the viruses above, we strongly recommend following the removal instructions below. They are carefully designed to help you remove these viruses from your computer and your smartphone.
Delete Facebook Virus from your smartphone