A new ‘Trojan Horse’ is doing rounds of the Facebook nowadays. Named Eko, this trojan is raiding the private inboxes of the French users of the Facebook Messenger. The malicious message apparently comes from the Facebook contacts. Despite repeated warnings people are still falling for the trap set in those malicious messages.
The malicious message comes as a PM (Private Message) on the Facebook messenger and comprises of the receiver’s name, receiver’s picture (usually the profile picture), the word “Video” that is written just next to the receiver’s name and a weblink that says “xic.graphics” under the image. The weblink is a fake YouTube video. Don’t fall for that.
The crux of the threat is that if you receive it you will feel like your friend/contact has sent you a video and that too about you. This is a type of social engineering in which the cyber crooks are trying to psychologically manipulate the target into performing an action that usually ends up downloading or executing a malware. Such kind of malware are not new. They have been previously seen on Twitter when some accounts were hacked to spread these kind of messages through Direct Message service of Twitter. Even those messages were spread around the same video context. Similarly Steam users have also been targeted with the same malicious video messages.
When you click on the video message received on Facebook Messenger, you are asked to install a Chrome browser extension. You might receive a notification to install it. Don’t install that extension in any case because it actually is the “Eko” malware. Once you install the extension, then you will be bombarded with unwanted advertisements. The Eko also steals your personal data including banking credentials. Worse more your account also starts sending the video messages.
If you have downloaded this malware first of all uninstall the extension, run an antivirus scan using an updated software, and immediately change your all passwords. The best way to protect yourself from any malware is to develop cyber awareness thereby being aware about the latest tricks deployed by hackers to lure targets.