ESET researchers have warned of a scam campaign on Facebook that spreads a malicious browser plugin through social engineering techniques.
ESET says the attack starts by luring a Facebook user into playing a video, most often titled “My first video”, “My video” or “Private video”.
According to the technology security company ESET, after clicking on the link, the victim is directed to a fake YouTube website where, instead of downloading and playing the video, the user is asked to install an additional extension:
“Sorry, if you don’t install Video Play plugin, you will not be able to watch the video!”
“Click ‘Add Extension’ to watch the Video.”
ESET explains that “the extension is a malicious version of the otherwise legitimate ‘Make a GIF’ plug-in”, adding that it “detects this threat as JS/Kilim.SO and JS/Kilim.RG.”
The tech security company further explains that “if the victim installs the malicious plug-in, his/her browser becomes infected and carries the infiltration further: his/her Facebook wall becomes flooded with fake video posts tagging multiple friends from their friends list and subsequently, all online friends will receive an identical message via Messenger with the same harmful contents.”
Commenting on this, Lukas Stefanko, ESET Malware Researcher says that “the malicious campaign is spreading spam messages and infecting Facebook accounts with a very high rate of success. At this point, the infiltration only targets Chrome users, but there is no guarantee that it will not spread to other browsers in the future. Also, it has potential to become more dangerous in the future, spreading other, more powerful malware with new capabilities.”