Facebook has been a host to a number of malwares that come in different forms and if the users aren’t vigilant, the malware easily gets inside their systems thus proving to be fatal to exponential extents. A new, ‘video-based tagging’ malware has now been reported by HotForSecurity, which may compromise victim’s device identity.

It is not the first time that a malware has infected several timelines on Facebook, but this time, the execution of the malware seems to be close to perfect to hijack the victim’se device. It is a tagging crusade this time. It has infected around five thousand devices on it’s 3 day run, deviced to not stop easily.


The scam starts with a video tagging exactly 20 friends. The video is different every time and is eye catching (which it should be). The video displays a goo.gl  (it’s safe to click on this one) host, which is a URL shortening service and not a video host. Please remember this the next time you click on a URL as it should raise suspicion over the motive of the link.

Now when you’ve clicked on the video, you’ll be sent to a new page where your browser and OS are analysed by the hackers so as to send you to the right page. This way, Windows, Android or any other OS users are directed to correct pages for hijacking. It’s interesting to know that the malware has the capability of hijacking a wide range of devices like PCs, Android devices, Playstation, media playes, TV sets and even smart cars.

After this, you’re redirected to a SMS service that tries to provide you a premium service of some sort that costs less than $5, not to mention that a number of redirects are made where some of them even tell the hackers about how many of the users have actually fallen for it.

After this, if the conditions are habitable, your misery will continue that will direct you to a Facebook page where you’ll be asked for a Flash player update to watch the video. Now, this is where the interesting part begins. The file that you get is obviously not a Flash player update but a SFX file (self extracting file). If and when you go for installation, it breaks into two files named setup.exe and install.exe. Install.exe leaves your system open for malicious malware to set up camp in future while Setup.exe proliferates via the victims on Facebook.


  1. Install an antimalware solution to receive alerts about these scams if they try to hijack your device. They can quarantine or get rid of any files that seem suspicious.
  2. Restrict yourself  from clicking on such links and think if the person, whose timeline is compromised, would do so.
  3. Adjust your privacy settings on Facebook so as to review the content you are tagged in or ask your friends to review it, hence restricting the malware from spreading if you’ve already fallen prey to it.

These malwares are a part and parcel of the Internet. If you are vigilant and secure, you should not fall prey to such scams.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.