Many users have been receiving a spammy message via Facebook’s chat functionality which looks something like shown below:
The messages spreading via chat are:
– bist du das?? aaaaaahahahahaahahaha
– hey is this your ex?? lol [LINK]
– omg you look so cute [LINK]
If a user clicks on the shortened URL, he’s exposed to an executable file that looks like an image file.
The malware gets downloaded and stores itself in the Windows %TEMP% folder.
Users might get curious and tempted to see the specified picture, which then downloadeds the malware.
On clicking on the executable file, a “Picture cannot be displayed” error message appears.
But when this file gets executed, it installs a malware which runs in the background. This malware works as a downloader and can download keyloggers, spyware, backdoors, Fake AV etc.
Users are advised to take extra care when dealing with links on Facebook.
Quick Heal detects this malware file and protects its users by preventing it from spreading.