Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger

From yesterday (December 18, 2017), a new type of malicious code has appeared and raged in Vietnam. This malicious code is not too sophisticated but is spreading very fast through Facebook Messenger because it is sent from the friends in the friend list.

From yesterday (December 18, 2017), a new type of malicious code has appeared and raged in Vietnam. This malicious code is not too sophisticated but is spreading very fast through Facebook Messenger because it is sent from the friends in the friend list.

  1. How to remove the code as a video format on Facebook Messenger
  2. How to fix when Facebook is infected with virus

This new malicious code spreads by automatically sending a zip file inside containing a disguised video file via Facebook Messenger with the name 'video_' + 4 random numbers.

Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 1Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 1

According to a malware analyst, this new type of malicious code is written in AutoIT language with the main functions being tampered with:

Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 2Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 2

How the code works

When entering the computer, the malicious code will retrieve and send information to the computer to the hxxp: //ojoku.bigih.bid/api/cherry/login.php address.

Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 3Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 3

The malicious code then downloads and installs a malicious extension to the user's browser. This extension continues to spread the malicious files in video format to friends on the Facebook of the infected person. Then, this malicious code loads the other extension into folders such as desktop, taskbar, program . by writing the chrome shortcut file.

Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 4Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 4

Finally, the malicious code will restart chrome for the extension to work and spread another type of malicious code used to dig the crypto currency as 'coin minner'. This is why your device is always in a state of lag without understanding why.

Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 5Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger Picture 5 How to prevent this new malicious code?

If you receive such a file, and have missed the click, download, don't worry too much, the dynamic code hasn't spread to your computer. Because this new malware is only really spread if you open the file.

To prevent this malicious code from spreading on your computer if you accidentally click open the file, open the hosts file and add the following lines:

127.0.0.1 ojoku.bigih.bid

127.0.0.1 plugin.ojoku.bigih.bid

This measure is only temporary. Attackers can easily distribute malicious code other than other domains. Therefore, to avoid this new malicious code, you should not open strange files from Facebook Messenger. Also, use antivirus software to make sure your computer is safe.

See more:

  1. The new DNS service Quad9 helps block malicious domains
  2. Detect and prevent Ransomware with CyberSight RansomStopper
5 ★ | 1 Vote