That leaked Emma Watson Facebook video could infect your PC with malware

Beware!

If you're the kind of person who gets a kick out of watching leaked videos and photos of celebrities, then you're precisely who cybercriminals are targeting with the latest malicious scam spreading on Facebook.

Researchers at Bitdefender have discovered that computers are at risk of being infected with malware, if their owners are lured into clicking on links shared via Facebook purporting to contain a private video of Emma Watson.

There isn't really a video of the British actress, best known for playing Hermione Granger in Harry Potter, of course. Her name and image are simply being used as bait.

Emma Watson Facebook scam

When Facebook users click on the link they are taken to a third-party webpage which pretends to be YouTube.

Unlike the real YouTube, however, the webpage is designed to trick you into thinking that your video player is out of date. In a nutshell, the criminals are hoping that internet voyeurs will rush to download a malicious file and not think of the possible dangers to their data security.

Fake YouTube page

Video Player Error

Our system detected that you are using an outdated Video Player version, in order to watch videos on Youtube please update to the latest secured version of Video Player by clicking [the] ‘Upgrade Now’ button below.

Once you download and install the update refresh the browser to watch the video.
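A defender's view of the page described above, as an added example that is not from the original article or from Bitdefender: a small heuristic that flags a page which uses YouTube's name on a non-YouTube host, shows fake-update wording and links to an executable. The brand host list, lure phrases, risky extensions and the sample page are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristics for this example; not taken from Bitdefender's analysis.
BRAND_HOSTS = {"youtube": ("youtube.com", "youtu.be")}
LURE = re.compile(r"outdated\s+video\s+player|upgrade\s+now", re.I)
RISKY_EXT = (".exe", ".scr", ".msi", ".js", ".crx", ".xpi")

# Constructed sample page modelled on the lure text quoted above.
FAKE = ('<title>YouTube</title><h1>Video Player Error</h1><p>Our system detected '
        'that you are using an outdated Video Player version.</p>'
        '<a href="/files/player_update.exe">Upgrade Now</a>')


class _Page(HTMLParser):
    """Collects text and link targets from an HTML document."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

    def handle_data(self, data):
        self.text.append(data)


def _host_is(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def score_page(url, html):
    """Return the fake-update indicators found on the page at `url`."""
    page = _Page()
    page.feed(html)
    text = " ".join(page.text)
    host = (urlparse(url).hostname or "").lower()
    hits = []
    for brand, domains in BRAND_HOSTS.items():
        if brand in text.lower() and not _host_is(host, domains):
            hits.append("brand-mismatch:" + brand)
    if LURE.search(text):
        hits.append("update-lure")
    if any(urlparse(link).path.lower().endswith(RISKY_EXT) for link in page.links):
        hits.append("executable-download")
    return hits
```

Calling `score_page("http://videos.example/watch", FAKE)` reports all three indicators, while a page served from youtube.com itself without the lure text reports none.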

Bitdefender's research team says that the malware changes the user's browser settings, and meddles with their use of Facebook to start sending messages on the victim's behalf without their knowledge. Some of this activity can include posting comments on the user's behalf, and automatically liking and following Facebook pages - an activity that can help the criminals earn money.

In addition, victims may find that their mobile phones have been signed up for premium rate SMS services - another common source of income for Facebook scammers.

Bitdefender's product detects the attack as Trojan.JS.Facebook.A and Trojan.Agent.BFQZ, and more information about the attack is available on the security vendor's website.

If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.


2 Responses

  1. Coyote

    October 9, 2014 at 8:41 pm #

    It is a right shame that it also doesn't drop their connection (regardless of the method) or otherwise be malware that isn't a risk to others (botnet, spreading, etc.). Because if that was the case, it would serve them right. For this attack vector genre (if I may call it that), not just this case. To think that people are so shameful, desperate and unable to think for themselves (or in this case: at all). Even though none of this surprises me (and never really has), it is still hard to believe how many do. Of course it is made a lot easier with Facebook exactly because Facebook is something of standing water but instead of mosquitoes and physical diseases you have moral/ethical/intelligence (and okay, physical in some sense) diseases (and obviously computer diseases too but that is expected).

    I think you put it best though and it is why this will never, ever stop. It will only grow. The people chosen to lure the naive in will change, as it always has, but the attack method is not going to stop. Unfortunately too many people (too many is actually one person) don't think enough, most certainly not for themselves.

    The only victims here:
    1. In the case of real leaks, the victims of the leak. Here this doesn't apply.
    2. Those indirectly attacked by those preyed upon. Attack includes any number of things, of course.

  2. Ian R

    October 10, 2014 at 9:10 pm #

    I've been saying for years that software-update nags are the greatest security vulnerability on any computer, bar none. Whilst a few software items do have critical vulns that need patching urgently, the majority of such nags come from programs which present no major security risk if they are not the latest version. The nags themselves present by far the greater risk, since they may not be what they seem.

    With UAE making drive-by infections harder to implement, update spoofing is the preferred method for malware authors these days. The beauty of it is, if the user is duped then they will OK any elevation prompt that appears, so in the spoofing scenario UAE might as well not be there anyway.

    The best answer to this is the computer which never displays update nags or software download links, and where all updates are controlled by site IT management. Then, if a nagscreen appears, the user knows it is potentially dangerous, and dismisses it. Unfortunately the browser and website authors seem hell-bent on preventing IT managers from achieving this.
