New virus on Facebook: the sexy celebrity video is malware

Another day, another scam circulating on Facebook. Now the scam offers you spicy videos of some celebrities. Maximum alert.

If you happen to come across a link on Facebook that offers you a hot video of Jessica Alba, or some other famous person, stay away because it's a scam. The only emotion you will receive is the annoyance of having to remove malware from your computer.

Sex, blood and money... are the three mythical "S" (in Italian: sesso, sangue, soldi), that is, the three topics that, more than any other, are able to capture the attention of a large number of users. Journalists know it well, but apparently so do cyber criminals. It's no coincidence that the bait of the moment on Facebook is a sex tape, i.e. the promise that with a simple click on a link you are catapulted directly to hardcore scenes starring celebrities such as Jessica Alba. Don't be fooled, because the only thing you would get in return is a nice piece of malware. Here is how to avoid falling into the trap and, if you have already taken the bait, the procedure to get rid of this virus.

Watch out for links that arrive on Facebook

[Image. Photo source: Shutterstock] The Internet can be a difficult world; you need to pay the utmost attention to any kind of scam.

Rule number one: always, and everywhere, avoid clicking on links that promise you unlikely things. Not only hardcore videos of famous people, but also winnings or gifts, even if these links come from friends and trusted people. No one ever gives anything for nothing, and in the best case you pay with the theft of sensitive personal data, or even with your device being locked and a ransom demanded... the infamous ransomware. The scam circulating on Facebook these days basically involves sex tapes and hardcore images starring Jessica Alba and her VIP companions. Once you click on the link, it starts downloading and installing malware that will make your life on the web impossible, continuously opening popups and pages in the browser, Chrome in particular, with advertisements inviting you to porn sites and fake lotteries. The scam - discovered by Cyren's security experts - involves, as mentioned, a Google Chrome extension; it then also infects Internet Explorer, Firefox or Safari users, and spreads a link to a PDF with nude images via private messages and posts on various Facebook groups without the user's knowledge.

Chrome most at risk with new Facebook virus

The Google browser, however, is the most vulnerable in this latest scam. After clicking on this infamous link, Chrome users are directed to a fake YouTube page which, in turn, takes them to a pop-up window inviting them to install a Chrome extension to view the videos. Once the extension is installed, the browser sends users to the Facebook login page for a "re-authentication", with the obvious goal of stealing their social network login credentials and then using their account to infect their friends. The Chrome extension, analyzed by Cyren, is also well designed: it is capable of blocking the main antivirus products installed on the computer from opening and intervening. And if that still wasn't enough, it prevents victims from accessing the Chrome extensions page, so that it is impossible to uninstall it. The virus that then spreads the link on Facebook varies the bait, i.e. the name of the celebrity: not only Jessica Alba but also, for example, Selena Gomez, Jennifer Lawrence, Hilary Duff, Paris Hilton, Rihanna, Kim Kardashian, Scarlett Johansson, Kelly Brook, Doutzen Kroes, Elodie Varlet and Nicki Minaj. Cyber criminals managed, it's not clear how, to upload this extension to the Chrome Web Store; Google promptly removed it, but by then the scam was already underway.

Have you been infected? Here's how to get rid of it

Everyone gets a virus and falls for a scam... life on the web has become more tiring than an obstacle course. Anyone who has been infected should go straight to the Windows system registry, typing Regedit in the Windows Start menu box, to delete the key linked to this malware. Then go to Edit > Find and search for the following registry string:

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions

This example refers to the string present in the registry on Windows 11; in other versions it could be:

HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extension

Select it and, with the right mouse button, delete it by clicking Delete in the menu.

[Image: First step to remove the virus. Photo source: Redazione]

At this point you need to delete the extension from the browser. As already mentioned, the user cannot access the Chrome extensions page, so the extension must be deleted manually. The only problem is that the ID of this extension is not known, so all the extensions must be deleted and then reinstalled. The path to follow is:

C:\Users\[user name]\AppData\Local\Google\Chrome\User Data\Default\Extensions

[Image: Second step to remove the malware. Photo source: Redazione]

Once you have located it, select all the subfolders of Extensions. I repeat, you will then have to reinstall all your extensions in Chrome, but at least you get rid of this extremely annoying, and dangerous, malware.
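Because the ID of the extension is not known, it helps to record what is in the Extensions folder before emptying it, so you know what to reinstall and which entry looked out of place. The following is an added example, not part of the original article: it lists each extension ID with the name from its manifest.json; the `BROAD` permission list is an assumed review heuristic, not a signature of this malware.

```python
import json
import os
import re
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")
# Assumption: permissions picked here as "worth a closer look"; not from the article.
BROAD = {"<all_urls>", "tabs", "management", "webRequest",
         "*://*/*", "http://*/*", "https://*/*"}


def inventory(extensions_dir):
    """Return one record per extension version folder found on disk."""
    records = []
    for ext_dir in sorted(Path(extensions_dir).iterdir()):
        if not ext_dir.is_dir() or not EXT_ID.match(ext_dir.name):
            continue  # skip folders that are not extension IDs
        for manifest in sorted(ext_dir.glob("*/manifest.json")):
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                data = None  # unreadable manifest: still report the folder
            if not isinstance(data, dict):
                data = {}
            perms = set()
            for key in ("permissions", "host_permissions"):
                value = data.get(key)
                if isinstance(value, list):
                    perms.update(p for p in value if isinstance(p, str))
            records.append({
                "id": ext_dir.name,
                "version_dir": manifest.parent.name,
                # Names like __MSG_appName__ are localisation placeholders.
                "name": data.get("name", "<unreadable manifest>"),
                "broad": sorted(perms & BROAD),
            })
    return records


if __name__ == "__main__":
    # Default profile path from the article, built from %LOCALAPPDATA%.
    base = Path(os.environ.get("LOCALAPPDATA", ""))
    default = base / "Google" / "Chrome" / "User Data" / "Default" / "Extensions"
    if default.is_dir():
        for rec in inventory(default):
            print(rec["id"], rec["version_dir"], rec["name"], rec["broad"])
```

Run it with Chrome closed and keep the output; an ID you do not recognise can be checked against the extensions you remember installing before you reinstall anything.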