spotted by Malwarebytes in early March. They explain that the Trojan spreads itself through the Facebook’s Messenger service (inbox) by messaging a victim pretending to be one of their friends saying "LOL" with a zip file attached, which appears to be a photo, named "IMG_XXX.zip"
How It Works ? Malware Bytes Explains....
- User gets a Facebook instant message from a friend of their’s, which includes the words ‘lol’ and a file waiting to be downloaded.
- The user downloads the file because they can assume it can be trusted. The filename matches the usual filename of a photo: ‘IMG_xxxx’.zip.
- Once downloaded, the user unzips the file and clicks on what they assume is an image file, still called IMG_xxxx.jar
- The JAR file executes, downloads malware and infects the system.
- The infected users Facebook account is compromised and then used to send more malware to the users friends.
How To Protect ?
As in the Malware bytes explanation where they have analysed the malicious file, they found that its a Trojan Virus, and with the online virus scan, it is giving 27/50 virus detection ratio. If you are getting it from one of your trusted friend, then ask them about the message and file containing with it. If they denies for sending then simply DO NOT DOWNLOAD it.
If you have downloaded the file, then you might have infected with the Trojan horse virus. So if you think you are affected to it, then scan your computer with the trusted and reputed antivirus program.
We recommend our users to keep up-to-date your antivirus program always and use trusted programs. Don't download any file from net without the prior information. Always download the stuff from the trusted sites only.