Facebook is a place where most people share status updates, photos and videos — not pornography. However, a malicious Trojan that may look like a piece of adult entertainment in a friend’s post is already affecting countless members of the social networking service.
The Trojan was first reported by security researcher Mohammad Reza Faghani, who published the details on the SecLists industry message board. More than 110 million Facebook users have already been infected in a 48-hour period. Facebook friends see a post pointing to a porn video, which then demands an update of Adobe Flash to continue. Updating the tool causes the malware to be immediately downloaded.
Mohammad Faghani, who has been tracking the malware, reports the MD5 of the fake Flash file as ‘cdcc132fad2e819e7ab94e5e564e8968’, and the SHA1 as ‘b836facdde6c866db5ad3f582c86a7f99db09784’. He says that an initial investigation of the malware finds it is capable of hijacking keyboard and mouse inputs.
In a statement, a spokesperson for Facebook said: “We use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites.” ESET detects the malware as Win32/ExtenBro.AK.
Facebook spokesperson: “We are blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook.”
Users with security software should be protected from the malware.