ESET warns of new Facebook threat

Barely a week after ESET warned users worldwide about an active Ray-Ban scam campaign on Facebook, which tricks users into sending their payment card details to the attackers, the company is warning of new malicious activity targeting the world’s largest social network.

This time, malicious links are disguised as a post on a Timeline you were tagged in, or as a message sent to you via Messenger by a friend. Using one of the titles “My first video”, “My video”, “Private video” or a string of randomly generated characters, it tags various people from victim’s friendlist and lures them into clicking on it.

If an unsuspecting user falls for the scam, the post redirects him/her to a fake YouTube website. After what pretends to be an unsuccessful attempt to load the content, he/she is requested to install an additional extension using the following message:

Sorry, if you don't install Video Play plugin, you will not be able to watch the video!

Click 'Add Extension' to watch the Video              

If the victim installs the malicious plug-in, his/her browser becomes infected and carries the infiltration further. The users Facebook wall becomes flooded with fake video posts tagging multiple friends from the victim’s friendlist and subsequently, all online friends will receive an identical message via Messenger with the same harmful contents.

ESET detects this threat as JS/Kilim.SO and JS/Kilim.RG. At this point, the infiltration only targets Chrome users, but there is no guarantee that it will not spread to other browsers in the future.

How to get rid of it?

1)  Immediately remove “Make a GIF” extension from your Chrome browser.

Either type “chrome://extensions/” into the address bar or go to Customize and control Google Chrome -> More tools -> Extensions -> Make a GIF -> Remove from Chrome…

If you also use the legitimate “Make a GIF” extension, use the pictures below to distinguish the original version from the infected one.

If you click on Details -> View in store, you will see details about extension.

2)  Scan your computer with a reliable antivirus software. If you don’t have any security software installed on your personal computer, you can use our free solution ESET Online Scanner.


The malicious campaign is spreading spam messages and infecting Facebook accounts with a very high rate of success, says ESET. However, it has potential to become more dangerous in the future, spreading other, more powerful malware with new capabilities.

The company advises users to be very careful when clicking on any links that appear suspicious (using different or imperfect language, tagging friends for no reason, originating from an unexpected friend or other unknown source,  etc.), and while attempting to watch YouTube videos do not download any additional Flash player or similar plugins.

Share this News
Share |
Subscribe to our Daily Newsletter here