“who posted your photo?”

If you get a Facebook DM (direct message) reading “who posted your photo?” with a link to apps.facebook, don’t follow the link.


Did you only click on the DM? It didn’t contain the payload. The “Play Video (Free Donwload)” [sic] post contained the payload. If you clicked on that link, do not run the executable file.


Clicked on that one?
Don’t run the download. Oops, too late … fair odds that the hack is hiding as an app. Remove any unknown apps: https://www.facebook.com/help/204306713029340/
It is also worth checking what permissions the app gave itself; it may need some further cleaning. If it came in via mobile, there is also an SMS variant.

whack-a-mole
