Turkey is one of the world’s most active Facebook-using countries, with 19 million daily active users and 33 million monthly active users. In addition to Facebook messages, Twitter accounts “promoting” this page were also spotted: This script is detected as HTML_BLOCKER.K. JS_BLOCKER.J then downloads a malicious script which is used to send the Facebook messages with the link to the video. The fake update, detected as TROJ_BLOCKER.J, installs the extension (detected as JS_BLOCKER.J) that blocks the antivirus websites.
It would not work in other browsers, like Internet Explorer and Mozilla Firefox. It also stops the user from accessing the extension settings page, to prevent the user from removing or disabling the extension.Īs we noted earlier, this threat is cyclical. The browser extension pushed to users was in the format used by Chromium-based browsers like Google Chrome. This targeting appears to have worked: based on feedback from the Smart Protection Network, 93% of those who accessed pages related to this attack were from Turkey. It also sends a link to the “video” to the victim’s Facebook friends via the messaging system, restarting the cycle.
#Adobe flash player bad for mac install#
This “video” prompts users to install a Flash Player update it actually installs a browser extension that blocks access to various antivirus sites.
Now, they’re targeting users in Turkey.Ī recent attack that we found starts off with a video link sent to users via Facebook’s messaging system (sent in Turkish). Fake Flash player scams have been around for a long time, but remarkably they still haven’t gone away.
0 kommentar(er)
