Late last week, a new and devastating malware attack began to spread on Facebook through an Ow.ly link that promised “sex photos of teen girls in school” to curious users. However, once a user clicks on the link, the malware installs a rogue extension in their browser that can then post messages and spread the bug to all of the user’s friends.
According to security research firm Malwarebytes, which discovered the bug, the attack is more sophisticated than the average Facebook scam. It takes advantage of cloud infrastructure to disguise itself, and when mobile users click on the link they are taken to a specialized offer page based on their geographic location that prompts them to take bogus surveys or download fake apps.
“The goal [of this current attack] is to harvest as many users as possible to create a very large [botnet] consisting of social networks profiles which can be leveraged in various ways, [such as by] reselling Facebook friends and likes, reselling Twitter followers, [and] generating pay per click revenue by visiting sites and clicking ads,” Jerome Segura, senior security researcher at Malwarebytes, told SCMagazine.com.
Fortunately, the bug appears to predominantly target users of Google Chrome, so Firefox and Internet Explorer appear to be in the clear. Still, with a link as suspicious as this one, Facebook users on all browsers should know to steer clear.