The xlsb mail attachment contacts a URL and downloads the malware from an opendir, which also contains Ursnif/Gozi and is constantly updated.
Cybercrime on Facebook has not been stopped or slowed down by the Cambridge Analytica case. On the contrary, it has recently launched two malicious spam campaigns on the social media platform.
Cybercrime on Facebook has not been stopped or slowed down by the Cambridge Analytica case. On the contrary: while Mark Zuckerberg testified before Congress, social media spammers launched two separate campaigns, which were discovered by Malwarebytes cybersecurity experts. The first one seems aimed at Finnish Facebook users. A website was set up to force the installation of a Firefox extension, claiming that the user needs a Flash update. Users who installed this extension while logged into Facebook found a new app, reportedly using several different names such as HTC Sense, Spotify, and Pandora. This app started spamming the groups the affected Facebook account belonged to. The aim is to invite the victim to enter the word “Prism” in Google and click on the first result, which probably directs victims to malware or click fraud.
Scams spreading malware or click fraud on Facebook Messenger are back. And, like “Is this you”, they use a link to YouTube. Soon there will be others.
The second cybercrime campaign on Facebook is related to a YouTube link on Messenger. Clicking on it opens a page asking for your permission to install yet another social media app. This app, apart from spreading malicious ads, turns the victim into the next person spreading these Messenger links. Malwarebytes cybersecurity experts noted that “this looks a lot like the ‘Is this you?’ Messenger campaign that made the rounds last year. If they really are related, then the main goal is probably ad fraud by clickjacking”. That is not all: the experts expect both of the malicious campaigns “to resurface in one form or another”, and Facebook should take a closer look at the apps that it allows on its platform.