Faceliker malware

Cyber-security firm McAfee is reporting about a sudden surge in detections for Faceliker, a malware strain that can take over browsers and manipulate Facebook "likes" on the behest of a remote party in order to promote social media trends, fake news, and other content.

The Faceliker malware is not new, being spotted years back, and is a generic detection that describes malware that takes over users' browsers and uses JavaScript code to perform click-jacking, giving Facebook "likes" to content received from a central command and control server.

The malware is usually packed in rogue browser add-ons, and specifically Chrome extensions. Users are lured to pages that promote these rogue extensions, either using email or Facebook Messenger spam.

Faceliker account for 8.9% of all new malware samples

McAfee says it detected a sudden rise in Faceliker detections during Q2 2017, which is no surprise, since Bleeping Computer's Lawrence Abrams observed a similar noticeable increase in rogue Chrome extensions during the same period, some of which come with even more malicious features, besides giving "likes" to predetermined Facebook stories.

According to statistics included in the McAfee Labs Threats Report: September 2017,  Faceliker accounted for almost 8.9% of the 52 million new malware samples detected in the second quarter of 2017, being one of the key driving forces behind the 67% increase in desktop malware detections for that same period.

McAfee malware detections in Q2 2017

While Faceliker is a generic term used to describe malware that gives Facebook likes, users should be aware that malware never stands still.

Most of today's browser hijackers, besides giving Facebook likes, are also equipped with the ability to steal passwords, promote content on other networks, or insert ads or popups on top of legitimate pages.

Facebook offers an activity log for all user accounts. Users who notice strange likes for content they don't usually "like" should search their browser for extensions they don't remember installing, scan their computer with a security product, or reach out for help to a professional.

C&C server for a browser hijacker that includes extra features besides Facebook liking
C&C server for a browser hijacker that includes extra features besides Facebook liking

Related Articles:

Ad Clicker Hiding as Google Photos App Found in Microsoft Store

Facebook States 30 Million People Affected by Last Month's "View As" Bug

Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover

CoinMiners Use New Tricks to Impersonate Adobe Flash Installers

New Reports Show Increased CyberThreats, User Risks Remain High