Trojan Spreading Through Private Facebook Messages

Facebook users should exercise caution when exchanging images or files through private Facebook messages.

A Trojan horse is currently making the rounds on the social network, sneaking up on unsuspecting Facebook users by posing as a poorly disguised image file.

The attack begins with a private Facebook message from a friend saying “lol” with a zip file attached. The name of the archive is typically “IMG_XXXXX.zip,” with the X’s serving as placeholders for numbers.

Inside the zip archive is a JAR (Java) file sharing the same name. When the victim makes the mistake of executing (or opening) the JAR file, the Trojan is silently downloaded and installed onto the computer.
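An added example, not from the original post or from Malwarebytes: a Python check that a mail or download filter could run on a zip attachment, flagging the IMG_<digits>.zip naming and any JAR inside. It goes one step beyond the case described by also catching a JAR stored under another extension; the extension list, size limit and sample archives are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Archive name pattern described in the article: IMG_ followed by digits.
LURE_NAME = re.compile(r"^IMG_\d+\.zip$", re.IGNORECASE)
# Extensions that run code when opened on Windows (assumed list, not exhaustive).
RISKY_EXT = (".jar", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd")
MAX_MEMBER_BYTES = 20_000_000  # assumed cap so oversized members are never read

def looks_like_jar(data: bytes) -> bool:
    """A JAR is itself a zip that carries a manifest or compiled classes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as inner:
        names = inner.namelist()
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)

def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for a zip attachment; nothing is extracted to disk or run."""
    findings = []
    if LURE_NAME.match(filename):
        findings.append("archive name matches IMG_<digits>.zip lure")
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.filename.lower().endswith(RISKY_EXT):
                findings.append(f"executable member: {info.filename}")
            elif info.file_size <= MAX_MEMBER_BYTES and looks_like_jar(archive.read(info)):
                # Content check catches a JAR renamed to something like .jpg
                findings.append(f"JAR content behind other extension: {info.filename}")
    return findings

def _make_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: a harmless manifest-only stand-in JAR and a fake image.
FAKE_JAR = _make_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
LURE = _make_zip({"IMG_00123.jar": FAKE_JAR})
RENAMED = _make_zip({"IMG_00123.jpg": FAKE_JAR})
BENIGN = _make_zip({"holiday.jpg": b"\xff\xd8\xff\xe0not-a-real-jpeg"})

if __name__ == "__main__":
    for name, blob in [("IMG_00123.zip", LURE), ("IMG_00123.zip", RENAMED), ("photos.zip", BENIGN)]:
        print(name, inspect_attachment(name, blob))
```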

VirusTotal scans of the threat hint at the possibility of it being a variant of the Zusy Trojan, a tiny piece of malware that steals financial information such as credit card details or banking login credentials. 28/50 antivirus engines are capable of detecting the threat – including ESET, AVG, Microsoft, Sophos and Symantec – so users who scan files before opening them will be spared.

Despite a JAR file being involved, only Windows systems are vulnerable to this attack, thanks to the install path. So Mac and mobile users who fall victim to this attack will be spared from infection.

What to Do If You’re Targeted

Did you get a suspicious Facebook message with an image link? Keep your PC safe by:

  • Asking the sender what the file is prior to downloading or opening it. If your friend can explain it, then go ahead and open it (just scan it first). If they say they didn’t send it, do NOT download it.
  • Scanning the file with your antivirus software before opening it. (As a rule, you should always scan files downloaded online before opening them.)

Did You Fall For This Attack?

If you or a friend opened the file associated with this attack, it’s strongly recommended that you:

  1. Run a full system scan using your antivirus.
  2. Change your Facebook account password.

[via Malwarebytes]

Is Your PC Infected with Malware?

San Diego Computer Consultants offers affordable malware / virus removal services in San Diego County. Contact us if you need malware / virus removal.
