Over the past year, we’ve witnessed malware writers employ increasingly complex schemes to distribute malware. From repackaged apps to deceptive advertisements, bad actors are coming up with clever ways to trick smartphone users. This week, malware writers have gone “social” by using a drive-by-download technique to spread malware on Facebook. The process begins when a person receives a “Friend Request” from an unknown person. Curious to learn more about this alleged “Friend,” the person may visit this person’s Facebook profile. Here they will see a website URL listed in the “About Me” section of the page and if they click the link an application will begin downloading to their phone. If the malware is installed on a device, it can send unauthorized third-party premium rate phone services.
While the app itself is a known instance of malware, the use of social media to spread this malware offers a new distribution technique. Through the various ways Lookout detects and blocks malware, all Lookout users are protected from downloading this malware. As malware writers use increasingly sophisticated techniques to entice smartphone users to download malware, it’s always a good idea to exercise caution when clicking on links and videos within social media (especially when coming from unknown sources or “friends”). In addition to using good judgment, follow these quick steps for added protection:
- If you see a scam on Facebook, don’t click on it, report it. You can help stop malware early on by reporting suspicious activity as soon as you see it.
- Be alert for unusual behaviors on your phone, which could indicate that your phone is infected. These behaviors may include unusual text messages, strange charges to your phone bill, and suddenly decreased battery life.
- Download a mobile security app for your phone that protects you against malware.
To see how this type of malware spreads through Facebook, view a video courtesy Sophos Researcher: Vanja Svajcer.