The scam, now spreading on the social network, can multiply itself by tagging users’ friends extremely quickly. To avoid detection, cybercriminals vary the scam messages by incorporating the names of Facebook friends alongside “private video,” “naked video” or “XXX private video.”
“When clicking the link that promises videos of their friends naked, users are redirected to a fake YouTube website where a FlashPlayer.exe file deploys a Trojan,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “A fraudulent web page advises that Adobe Flash Player has crashed and an update to the latest version is required. The malware then installs a browser extension capable of posting the scam on users’ behalf and stealing their Facebook pictures.”
To increase the infection rate, the malware has multiple installation possibilities. Besides the automated and quick drop on the computer or mobile device, it also multiplies itself when users click the fake Adobe Flash Player update.
To make the scam more credible, cybercriminals faked the number of views of the adult video to show that over 2 million users have allegedly clicked on the infected YouTube link. To add another touch of realism, the malware creators also added a message that the video is “age-restricted” based on Community Guidelines.
The malware has been detected by Bitdefender Labs as Trojan.FakeFlash.A (Trojan.GenericKD.1571215), while the fake YouTube link is marked as a fraudulent attempt.