A new and large-scale Facebook spam campaign targeting French users has been identified to carry the Eko malware.
The Eko Malware Is Delivered via the Massive Facebook Spam Campaign in France
The latest trouble happening in France is a massive spam campaign delivered by Facebook messages. The large proportions of the criminal attacks has even encouraged the local authorities to issue an official warning about the threat. In addition this is an attack vector that delivers the Eko malware.
The campaign itself sends messages from infected friends asking them if they are the person in a linked video file. A malicious link that poses as a Youtube video is inserted into the contents of the message. The unsolicited messages contain the following elements – the profile picture of the victim, his/her name, the word “Video” besides the name of the receiver and a link with the text “xic.graphics”.
The victims are led to a malicious site which tricks them into installing a browser extension to view the counterfeit video. This is actually the Eko malware payload.
According to the reports from the French media, there are numerous name variants that are used by the threat. Upon infection it injects advertisements into the browser and may also collect private information such as stored passwords, browser history and form data.
Facebook is actively scanning for all known variants of the spam messages and actively removes them.