News

Pornographic malware affects Facebook, Amazon services and Box

Anonymous

A new type of malware that spreads via Facebook is also capable of abusing other services, such as Amazon, Box and the URL shortener Ow.ly. The worm was detected by Malwarebytes security labs and spreads via suspicious links on porn sites.

The malware is part of the Kilim family, which infects Google Chrome with unwanted plug-ins that use the victim's social media profiles to like and share pages without the user's permission. This type of worm spreads through the browser using fake installers for Adobe Flash Player and Google Update.

This variant uses the promise of pornographic material that can be downloaded from websites. The downloaded file is named videos_New.mp4_2942281629029.exe, which tries to pass as a video but is actually a malicious executable. The worm then tries to spread from infected victims to their contacts or groups by posting pornographic messages with Ow.ly links.
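A download or mail filter can catch this naming trick by comparing what a file name claims to be with the extension Windows will actually act on. The sketch below is an added example, not code from Malwarebytes or the original article; the extension lists and every sample name except the one quoted above are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows executes or hands to a script host (assumed, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}
# Content types a lure typically claims to be (assumed list).
DECOY_EXTS = ("mp4", "avi", "mkv", "mov", "wmv", "mp3", "jpg", "png", "pdf", "doc", "docx")

# A decoy extension counts only when followed by a separator or the end of the stem,
# so "movie.mp4_123.exe" matches but "tool.mp4box.exe" does not.
DECOY_RE = re.compile(r"\.(%s)(?=$|[^a-z0-9])" % "|".join(DECOY_EXTS), re.IGNORECASE)


def masquerade_reason(name):
    """Return why `name` looks like a disguised executable, or None if it does not."""
    # Windows ignores trailing dots and spaces, so drop them before reading the suffix.
    base = PureWindowsPath(name).name.rstrip(". ")
    path = PureWindowsPath(base)
    real_ext = path.suffix.lower()
    if real_ext not in EXECUTABLE_EXTS:
        return None
    decoy = DECOY_RE.search(path.stem)
    if decoy is None:
        return None
    return f"claims .{decoy.group(1).lower()} but runs as {real_ext}"


def scan(names):
    """Map each suspicious name to its reason; clean names are omitted."""
    return {n: r for n in names if (r := masquerade_reason(n))}


# Constructed sample names; only the first one is taken from the article.
SAMPLES = [
    "videos_New.mp4_2942281629029.exe",
    r"C:\Users\a\Downloads\clip.avi .exe",
    "report.PDF.scr. ",
    "holiday.mp4",
    "tool.mp4box.exe",
    "setup.exe",
]

if __name__ == "__main__":
    for name, reason in scan(SAMPLES).items():
        print(f"{name!r}: {reason}")
```
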

Behind the scenes, the criminals run a layered redirect architecture that uses the Ow.ly redirector, Amazon and the cloud storage service Box. The end result depends on the device that clicks on the link. Mobile devices are redirected to affiliate websites, which are used to display random offers.

On desktop computers, in addition to the redirection, an extension is installed in Chrome and a browser shortcut is created that launches a malicious application whenever the browser is opened. This tactic lets the criminals bypass the browser's protections by using a compromised version.

The full path of the link goes through a series of redirects. The first, an Ow.ly link, redirects to a second link on the same URL shortener. This, in turn, leads the user to an Amazon redirector, which eventually leads to the malicious site. This site checks the visitor's device and redirects accordingly. Desktop computers, for example, are taken to Box.com, where a malicious file is downloaded.

According to Malwarebytes, the companies responsible have already been informed of the problem and several of the compromised URLs have been blocked. The company asks users to be careful and to avoid clicking on links that promise prizes or free items.
