Facebook users in India hit by malware attack

11 Jun 2015

Facebook users in India have been hit with a malware, which inserts pornographic material on their timelines before infecting others on their network. 

The malware is said to be present in a link to a video, on the timeline of users.

Although ''hundred of social media users'' had been faced with the problem, it cannot be independently confirmed that this was an epidemic. However, if this was, the source is likely to be a bit of malware that was doing the rounds in the US in January this year.

The malware, which forms part of the Kilim family, specialises in infiltrating a user's facebook account through a downloaded Trojan.

The Facebook post baits users into clicking a link with the ow.ly shortened URL, which then redirects users multiple times until one got to a malicious website.

The users' platform is then checked by the website which either accordingly pops up ads on users' phone or asks them to download a bit of software for their computer.

The software, a Trojan, obviously, is usually usually disguised as a flash player update. It then makes a copy of itself on users' system and starts downloading video player extensions for users' browser from a remote server.

The attack has left hundreds of social media users across India embarrassed.

Many told The Times of India yesterday that they had not accessed their FB accounts for fear that the X-rated material might swamp their messages and posts.

According to the cybercrime cell of Agra police, which claimed to have identified it first, the attack was triggered by a virus from the Kilim malware family, which had caused such incidents elsewhere across the globe.

According to cybercrime cell in-charge Nitin Kasana, it started with a message on social media which stated: watch urgent, because it is your video.

He added, every time the link was clicked, the user's entire timeline and inbox was spammed with pornographic material.

According to Kasana, the message included a shortened ow.ly link that directed victims to another URL claiming to be the Amazon Web Services page, that in fact led users to a malicious website.

According to Kasana, this was used by crooks to verify the platform used by the victim, such as the desktop computer or mobile phone, and direct them to a different path depending on their device.

While mobile users were redirected to affiliate pages that contained various offers, desktop users were asked to download a file from a folder containing the malware.