More than 1,000 people have been tricked into installing Trojan malware after clicking on a new Facebook scam that promises naked videos of their friends, antivirus solutions provider Bitdefender has found.
The UK has been the second most affected country by number of users, while infections were also detected in France, Germany, Italy and Romania.
The scam, now spreading on the social network, propagates extremely quickly by tagging users’ friends. To avoid detection, cyber-criminals vary the scam messages by incorporating the names of Facebook friends alongside "private video," "naked video" or "XXX private video."
Catalin Cosoi, chief security strategist at Bitdefender, said: "When clicking the link that promises videos of their friends naked, users are redirected to a fake YouTube website where a FlashPlayer.exe file deploys a Trojan.
"A fraudulent web page advises that Adobe Flash Player has crashed and an update to the latest version is required. The malware then installs a browser extension capable of posting the scam on users’ behalf and stealing their Facebook pictures."
To increase the infection rate, the malware can be installed in more than one way. Besides the quick, automated drop onto the computer or mobile device, it also multiplies itself when users click the fake Adobe Flash Player update.
To make the scam more credible, cyber-criminals faked the number of views of the adult video to show that over 2 million users have allegedly clicked on the infected YouTube link. To add another touch of realism, the malware creators also added a message that the video is "age-restricted" based on Community Guidelines.
The malware has been detected by Bitdefender Labs as Trojan.FakeFlash.A (Trojan.GenericKD.1571215), while the fake YouTube link is marked as a fraudulent attempt. For maximum protection, Bitdefender’s free application for Facebook accounts, Safego, protects users from malware threats that attempt to exploit trust. Safego keeps you safe from all sorts of e-trouble, including scams, spam, malware, and private data exposure.