“who posted your photo?”

If you get a Facebook DM (Direct Message) “who posted your photo?” with a link to apps.facebook – don’t follow the link.


Did you only click on the DM? It didn’t contain the payload. The “Play Video (Free Donwload)” [sic] post contained the payload; if you clicked on that link, do not run the executable file.


Clicked on that one?
Don’t run the download. Oops, too late … fair odds that the hack is hiding as an app. Remove any unknown apps: https://www.facebook.com/help/204306713029340/
It is also worth checking what permissions the app gave itself; it may need some further cleaning. If it came in via mobile, there is also an SMS variant.

