Facebook users are advised to delete message notifications that appear to have been sent by friends, claiming to have mentioned them in a comment on Facebook. This is because the message notifications are fakes and are malicious. The malicious messages have links, when clicked, will download and infect the victims’ computers or devices with a virus, spyware or some other malware. The infected computers or devices will hijack the victims’ Facebook accounts and use them to send the same fake and malicious message to their friends, in an attempt to infect their computers or devices.
Infected computer or devices can be used to send phishing messages to the owners’ Facebook friends, which will steal their online account credentials, personal and financial information.
Note: users of Android and iOS mobile devices are immune since the malware used libraries which are not compatible with these mobile operating systems.
Kaspersky Lab, a software security group that discovered the threat, recommends that online users who think that they may have been infected, to run a malware scan on their computers, or open their Chrome web browser and look for unexpected extensions. If there are unexpected extensions present, they should log out of their Facebook accounts, close the browser and disconnect the network cable from their computers, and get a professional to check for and clean away the malware.
They also advise online users to follow the basic cyber-safety practices:
- Install an antimalware solution on all devices and keep OS software up-to-date.
- Avoid clicking on links in messages from people you don’t know, or in unexpected messages from friends.
- Exercise caution at all times when online and on social media networks: if something looks even slightly suspicious, it probably is.
- Implement appropriate privacy settings on social media networks such as Facebook.