Facebook Messenger, Google Docs, and Chrome Extensions Leveraged in Adware Campaign

An adware distribution campaign is spreading malicious links to unsuspecting users through the Facebook Messenger chat application. According to one researcher’s report, the threat actors behind this campaign are likely sending messages to legitimate Facebook users by using hacked Facebook accounts, malicious Chrome extensions, or clickjacking. The messages are short and usually include the victim’s first name and the word “video” along with an emoji and a shortened URL. Victims who click the URL are delivered to a customized Google Docs page featuring an image taken from the victim’s Facebook photo album. This image appears to be a video as there is a “play button” overlay on the page; however, the button is configured as a link that redirects the victim to a number of malicious websites containing adware and other malware. The NJCCIC recommends social media users exercise increased caution when using the platform, tighten privacy settings to prevent contact from – or reconnaissance by – people who are not already on one’s friends list, and avoid clicking on links in unexpected messages until their legitimacy has been verified by the message sender.