Join our mailing list to receive the latest news and updates from our team.

<p>Thanks for signing up! :)</p>

read more.mapouter{overflow:hidden;height:500px;width:600px;}.gmap_canvas {background:none!important;height:500px;width:600px;}
Home / Security / How to Remove the Cross-Platform Facebook Messenger Malware

How to Remove the Cross-Platform Facebook Messenger Malware

Posted on

Facebook virus is a commonly used term by users who get infected with “virus” (as they usually describe deceptive online activity) while browsing the social network. Such types of infections usually include a clickbait picture or a link, or a notification with a tricky phrase. The idea of presenting such content is to make users feel curious and click on it. The result is the presence of severe malicious issues on the Facebook profile and sometimes PC malware intrusions. One sure sign that your Facebook account has been affected is the presence of posts that appear to be shared by you while you had no interference.

Facebook malware is nothing new, but in the summer of 2017 we discovered that a new variant is out there, targeting users via Facebook Messenger and prompting them to install adware and Trojans. How can you spot this malware, and check if you’ve been infected?

The simplest way to defeat such Messenger Malware attacks is to avoid clicking on random and shady links. Keep your security solution updates and make your friends/family aware of such attacks.

Methods used for spreading Facebook virus

Mostly, the malware is distributed via fake messages that are filled with malicious links. These messages are designed in a tricky way so that they could ignite a natural curiosity and make people click the malicious link. Once you click it, your Facebook account is hijacked and starts affecting all of your friends.

In addition, if not eliminated, Facebook virus can infect your computer with a trojan horse that starts its activity as soon as it enters the system. It can track you for years to steal your personal information or it can download other viruses to your computer, including ransomware-type threats that can encrypt your files with an advanced encryption algorithm and then start asking you to pay a ransom.

An alternative way used by Facebook virus to infect its victims is related to hacked apps. If you are tricked into granting them with the access to your account, you can find out that your social account was hijacked. Finally, using a weak password is also considered one of the main ways used by Facebook malware to affect its users.

The latest version of Facebook virus is noticed spreading via Google Chrome extensions. The problem with this distribution method is that users were forbidden from access Chrome settings and remove the malicious app unless they reset the browser or uninstall it entirely.

Cross-Platform Malware: The Cost-Effective Attack

In the old days, you could be pretty confident that any malware attack would be aimed at Windows PCs. Online security became such a problem for Microsoft that Windows Defender was bundled with Windows 7 and later.

facebook messenger malware alert

These days, Windows is still the main target for scammers and hackers. But they’re more proactive in aiming their cynicism at Linux and macOS users. For just a little more effort, a single attack vector can be adapted to draw in users on other systems — perhaps even mobile browsers.

It’s fair to say that traditional malware cannot work in this way. Worms are almost unheard of on Linux and macOS, for instance. But times are changing. Why maliciously destroy someone’s data if there’s no profit in it?

Malware developers have their eye on the ball, and on their bank balances. They need a profitable result. As a result, we’re now in the age of the cross-platform malware attack.

Malware Tailored to YOU

Perhaps the most widely-known examples of cross-platform malware can be found inhabiting Facebook. While the site itself doesn’t serve any malicious code (beyond stripping you of your privacy), Facebook apps, websites, and plugins are capable of forwarding you to unpleasant locations.

When it comes to Facebook Messenger malware, a rather ingenious piece of social engineering is used. First of all, your name is used. Second, your browser and operating system are instantly detected. Finally, you’re coerced into downloading the malicious software.

This might be simple adware, or it could be a Trojan… or both. Either way, this malware banks on the faith and trust you have in Facebook, and subverts this to turn you into a victim.

How to Spot the Facebook Messenger Malware

Once you know what the malware message looks like, you’ll be able to stop it.

And yes, it really is as simple as that. Your name, the word “Video,” followed by an emoji. Topping it off comes the link. The idea is that you’re tempted by a surprising or shocking video.

The scam has already used your name, based on your Facebook account. By using your name, the automated software controlling the scam instantly builds a connection with you. After you click on the link, to a Google Docs file, something interesting happens.

Here you’ll find an intentionally-blurred photo pulled from your Facebook account, presented to look like a video. Clicking on this image, however, doesn’t launch a video. Instead, your User Agent data is detected, and you’re sent to a web page and prompted to download software to “fix” the problem.

The User Agent is the clever part here. By relying on this data (your browser and operating system, essentially), the scammers can send you to a relevant website.

Which Website?

Firefox browser users will see a fake Flash update notification, which prompts you to install a malicious executable. Using Google Chrome? Here, you’ll see a fake YouTube site, with a fake error message to trick you into installing a malicious Chrome extension. MacOS users on Safari, meanwhile, are prompted to download a malicious DMG file.

There are some permutations. For instance, while Windows Firefox users get the EXE file, Linux users will be prompted to install a PPA (an unofficial software repository, often useful, but occasionally dangerous).

So what happens when you’re infected? In short, you’ll receive adverts where you’re not expecting them, with all proceeds going to the scammers. There is also a likelihood that a Trojan is installed, perhaps a keylogger, or a remote control tool for linking your system to a botnet.

Removing the Facebook Messenger Malware

If Facebook virus is bothering you, please, follow these steps:

Check App settings:

  1. Login to your Facebook account and click this little triangle on your right;
  2. Click Settings to open General Account Settings window;
  3. Look on your left and select Apps;
  4. Click Edit button on Apps, Websites and Plugins option;
  5. Select Disable to protect your account from unauthorized access of third party apps.

If you got infected with Facebook video virus, you should reset Google Chrome by following these steps:

  1. Go to Chrome Settings.
  2. Go to Advanced.
  3. Choose Reset.
  4. Click “Reset” button.

If you continue receiving complaints about malicious messages sent from your account, it means that Chrome reset did not help to delete the virus. In this case, you have to uninstall Chrome from the device because this version of virus spreads via Chrome extensions that might be nearly impossible to remove.


Run Antivirus Software

Whether you’re running Chrome, Firefox or Safari, you should scan your computer for malware. Your usual antivirus software should be adequate here, but if not, you’ll find something suitable in our list of the best security tools.

The aim here is to scan your computer for adware, Trojans, and other malware that might have been installed via the Facebook Messenger con. Don’t overlook this step, as it is vitally important that you remove what has been installed on your computer.

Check Facebook Apps and Websites

The final step is to deal with Facebook. The risk from apps and websites linked to your account is real, so it makes sense to remove those you no longer wish to be associated with. At the very least, this will help you to focus your Facebook activities to topics you’re interested in.

facebook messenger malware app remove

Open the Facebook menu, then find Settings > Apps. Here, you’ll find apps and websites that you can Remove. Old websites you might have visited, old apps from mobile devices and platforms you no longer use — these are all potential attack vectors for scammers.

Check each in turn, discarding those that no longer hold importance or relevance. If you see any you don’t recall, check them out with a quick web search, and remove them if appropriate.

Don’t Click on Strange Links!

If you’re still using Facebook, and its associated messenger, you are opening yourself up to all manner of socially engineered attacks. At the very least, you should be keeping your account closed to strangers, offering status updates to only friends, and regularly checking what mobile, desktop, and browser apps have access to your profile.

Have you been affected by the Facebook Messenger malware attack? What operating system and browser where you using? Was the adware successfully removed, and did your antivirus software find any Trojans? Tell us in the comments.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: