Celebrity Nude Photos and Videos Malicious Links to Malware


Online users, especially users of the Google Chrome web browser, should not click on links promising nude photos or videos of Jessica Alba and other celebrities. Cybercriminals are using those links to trick users into downloading malware that will infect their computers with ransomware, spyware, viruses, Trojan horses and other malicious software that will steal their personal and financial information, or make their files unreadable and demand a ransom to make them readable again.

How Do the Malicious Celebrity Nude Photo or Video Links Work?

According to researchers at Cyren, a cloud-based security solutions provider, this is how the malicious Jessica Alba links work:

If the user is using Google Chrome, the link opened is "hxxps://rb-xxxxxx.xxx/gxxxxo.php" and shows a phony YouTube site. Clicking the play button brings up a pop-up window inviting the user to install a Google Chrome extension.

After installing that extension, the browser opens up a Facebook.com login page. The extension is able to read the user’s friend list, Facebook groups, plus all personal information and upload the PDF to groups, posts, and to friends in private chat.

To summarize, this advertising campaign is able to create a sort of botnet to spread via a combination of nude celebrity pictures, a Chrome extension, and Facebook posts – which all ultimately lead to an aggressive spam/advertising page.

Facebook runs on all kinds of devices. Although this malware campaign targets the Chrome web browser platform, it is not impossible for the malware writers to find ways to propagate through other browsers, as all the other browsers also have their own browser plugins/extensions.

The fact that this malicious Chrome extension was hosted in the Google Chrome Extension Store tricks users into believing that the Chrome extension came from a trusted source/publisher and is probably safe to install. Google has removed the extension from the webstore. Cyren detects the Chrome extension scripts as JS/Vekikrom.A!Eldorado for ba.ph, JS/Vekikrom.A1!Eldorado for main.php, and JS/Agent.XL for background.js.

How to Remove the Malicious Chrome Extension?

We recommend that online users use a program called AdwCleaner to remove the malicious Chrome extension. If AdwCleaner doesn't work, infected users will have to delete the Registry key from the Registry Editor and also the folder in AppData. Please see the paths below. Removing Windows Registry keys should only be done by tech-savvy persons.

This is the path to the Registry Editor:

This is the path to the extension folder:
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions
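
Before deleting anything from that folder, it helps to see which installed extensions can actually read Facebook pages. The script below is an added example, not code from this article or from Cyren; it assumes Chrome's standard layout of Extensions\<extension id>\<version>\manifest.json, and the function names are hypothetical.

```python
import json
import os
from pathlib import Path

# Match patterns that grant access to every site, facebook.com included.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def covers_facebook(pattern):
    """True if a manifest match pattern grants access to facebook.com pages."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False  # API permission such as "tabs", not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    host = host[2:] if host.startswith("*.") else host
    return host == "facebook.com" or host.endswith(".facebook.com")

def audit_extensions(ext_root):
    """Walk <ext_root>/<extension id>/<version>/manifest.json and report
    extensions whose permissions or content scripts reach facebook.com."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(data, dict):
            continue
        # Manifest V2 keeps host patterns in "permissions", V3 in "host_permissions".
        patterns = list(data.get("permissions", []))
        patterns += list(data.get("host_permissions", []))
        for script in data.get("content_scripts", []):
            patterns += script.get("matches", [])
        hits = sorted({p for p in patterns
                       if isinstance(p, str) and covers_facebook(p)})
        if hits:
            findings.append({"id": manifest.parent.parent.name,
                             "version": manifest.parent.name,
                             "name": data.get("name", ""),
                             "patterns": hits})
    return findings

if __name__ == "__main__":
    # Default profile path from the article, resolved for the current user.
    root = (Path(os.environ.get("LOCALAPPDATA", ""))
            / "Google/Chrome/User Data/Default/Extensions")
    for f in audit_extensions(root):
        print(f["id"], f["version"], f["name"], f["patterns"])
```

A listed extension is not necessarily malicious, since many legitimate extensions request access to all sites; the output is a shortlist to compare against what you remember installing.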
