Social media meets social engineering
The attack starts with a message containing the victim’s name followed by the word “video”, which is meant to get them to click a shortened bit.ly link in the message. If the victim clicks it, they’re brought to a Google Docs page hosting an image from the victim’s Facebook Photo album, which is where the social engineering comes into play. The photo has a transparent play button over it, making it look like a video. If the victim clicks on it, they are directed through a series of websites across multiple domains, called a domain chain, and in turn adware is installed on the target device. David Jacoby, a researcher from Kaspersky Labs, mentioned that this attack “basically moves your browser through a set of websites and, using tracking cookies, monitors your activity, displays certain ads for you and even, in some cases, social engineers you to click on links.”
Although no actual malware is installed on the victim’s device, adware is downloaded, which is for the most part harmless, although a large pain to the person experiencing it. Jacoby remains unsure how the adware itself is spreading through the messenger, although he speculates that it is likely due to stolen credentials, hijacked browsers, or clickjacking.
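A defender-side triage check for the lure and redirect pattern described above, added here as an example; it is not code from Kaspersky or from the original article. The shortener list (the article names only bit.ly), the function names, and the sample messages and redirect chain are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed, non-exhaustive shortener list; the article names only bit.ly.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host(url):
    """Lower-cased hostname without a leading 'www.'."""
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def lure_indicators(recipient_first_name, text):
    """Return which indicators of the described lure this message shows."""
    found = []
    if any(host(u) in SHORTENERS for u in URL_RE.findall(text)):
        found.append("shortened_link")
    # Only words outside URLs count, so 'video' in a link path is ignored.
    words = re.findall(r"[^\W\d_]+", URL_RE.sub(" ", text).lower())
    if recipient_first_name.lower() in words:
        found.append("recipient_name")
    if "video" in words:
        found.append("video_keyword")
    return found

def is_suspected_lure(recipient_first_name, text):
    """Flag only when name, 'video' and a shortened link all appear."""
    return len(lure_indicators(recipient_first_name, text)) == 3

def chain_summary(hops):
    """Summarise a recorded redirect chain (list of URLs in visit order)."""
    hosts = [host(u) for u in hops]
    return {
        "starts_at_shortener": bool(hosts) and hosts[0] in SHORTENERS,
        "via_google_docs": "docs.google.com" in hosts,
        "distinct_hosts": len(set(hosts)),
    }

# Constructed sample data (not taken from the campaign).
SAMPLE_MESSAGES = [
    ("Alice", "Alice Video https://bit.ly/EXAMPLE1"),
    ("Alice", "Here is the video from Saturday https://example.org/v/1"),
    ("Bob", "bob, lunch at noon?"),
]
SAMPLE_CHAIN = [
    "https://bit.ly/EXAMPLE1",
    "https://docs.google.com/document/d/EXAMPLE",
    "http://hop1.example/landing",
    "http://hop2.example/offer",
]
```

Requiring all three indicators keeps ordinary messages that merely mention a video or a name from being flagged; the chain summary is meant for redirect logs already captured by a proxy or sandbox.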