facebook messenger google chrome adware
A Facebook logo reflected in the eye of a woman is seen in this picture illustration taken in Skopje 6 November 2014 (Ognen Teofilovski/Reuters)

A team of security experts has finally figured the entire operation of malicious links that were spread in bulk recently via Facebook Messenger. According to a new report from Global Research and Analysis Team at Kaspersky Lab, the malicious links are designed to install adware on web browsers.

The team's lead, David Jacoby, has revealed in a report that cyber criminals had used Facebook Messenger to gain entry to Google Chrome and other browsers wherein the adware was installed. Based on the team's research findings, crooks had manipulated networked users on the messaging app to illicitly earn money from the adware.

How it works

As Jacoby has explained, a friend would send a message to another user via Facebook Messenger. The message contains a video with the name of the sender, a random smiley and a short link.

Once the link is clicked, the user will be redirected to Google Drive where a seeming video player with a picture of the sender in the background can be found. If the play button is clicked, the user will be redirected to a page that extremely looks like a YouTube page. However, Jacoby has noted that this is not a website but a PDF file published on Google Drive.

Also read: Trojans can steal your money through mobile internet billing

The user will be prompted to install an extension for Chrome. Once the user agrees, the extension will begin sending out spiteful links to their friends. The file downloaded is an adware.

For non-Chrome users, the malicious links will redirect users to different websites offering to download the adware, which is concealed as an update for Adobe Flash Player.

Warning

Jacoby has noted that the entire process is a vicious cycle. Once the users have the adware installed, it will begin tracking down the surfing activity of the user. He stresses that it can steal login credentials on Facebook, which means they also have access to the friends' list of the victim. Thus, the entire process repeats.

Per findings, the cyber criminals behind this adware are primarily interested in Facebook users from all English-speaking countries and several European countries such as Italy, France, Germany, Poland, Sweden, Greece, Portugal as well as middle eastern country Turkey.

Although the vulnerability had been intercepted, Kaspersky Lab warns internet users around the world to be wary of which browser extensions are being installed to avoid such incident. It adds to be cautious of the links being sent by friends.

"Clicking every link, even links that seem to be from someone you know, is out of the question. It is always a good idea to make sure that it is really your friend on the other end of the line, not some criminal who took control of your friend's account."