Yes, the kittens are cute and who wouldn’t want to see another photo of the latest celebrity embarrassing themselves? But can we all just agree that as cool as the latest trending video is on Facebook, it’s probably not worth getting infected over? We’re sure you’ve heard about the malware infecting 110,000 Facebook users. Yes, it’s porn. Yes, at least 20 of your friends will be tagged when the malware takes over your computer, showing everyone on your feed that you viewed a video you might not want grandma or the PTA to know you watched. But the next malware video could be cute puppies, so let’s nip this in the bud!

Friends Don’t Send Friends Malware on Facebook

The really interesting thing to us is that it is a new twist on an old scam: upgrade your Flash player. We’d be willing to bet that not too many infosec folks are falling for this one, as it is an oldie-but-goodie attack vector. Instead, it’s our friends, family members, acquaintances, and that guy you bought coffee from this morning who are out of the loop because we haven’t been griping about this type of attack lately.

Why is this blast-from-the-past getting such great traction on Facebook? Think of it as playing on the notion of tribe mentality. Facebook creates your online tribe. When you see that someone else in your group has gone to the effort to “tag” you in a post and recommended a video for you to watch, you feel compelled to watch it. If one little click on “update now” is all that it takes for you to continue to be a part of that group, well, social psychology says a lot of people are going to take that small step. We’re human, and that means we are influenced by our social interactions. Even though the malware video trolling Facebook doesn’t look like something that would interest you, social proof kicks in and you go with the crowd in an ambiguous situation.

So spread the word! Shout it out to the PTA! Preach it to grandma! Share the love and inform the masses to practice safe Internet-ing! And let that guy you bought coffee from know that friends don’t let friends upgrade Flash player when prompted to by a video. Who knows, he might be grateful enough to sneak a muffin in there, too.

Sources:
https://threatpost.com/facebook-malware-poses-as-flash-update-infects-110k-users/110775/
https://www.itpro.co.uk/malware/23963/porn-video-malware-infects-110000-facebook-users
https://www.social-engineer.org/newsletter/social-engineer-newsletter-volume-4-issue-49/
https://www.social-engineer.org/framework/influencing-others/influence-tactics/social-proof/