[Security] New CAPTCHA method or just another likejacking scam?
In case you’ve seen this on Facebook, try to not click on it even if you understand French (it appears to be only in Franch) because it will take you on a road where you don’t want to be.
But, we like to live dangerous, so we analyzed this for you.
Once you click on the video, you will see a window with the video you’ve chosen to see, but in background between 1 and 3 browser instances are opened pointing to various advertisement websites and malware (more on this below).
We were expecting to have immediately on the fake Facebook profile the link posted, as the normal likejacking scams do. But surprisingly it didn’t.
The first strange thing about that video is that it appears to do something as if it is preparing to buffer video content. But it doesn’t …
It displays this :
For reading the video, you must share it on Facebook.
Ahm… how can one read a video ? Maybe see the video…
If you click on Play, the following window shows up explaining that you must like the video first and then try again to play it.
There is a trick… which I discovered by chance.
If you don’t click on the button for about 5 minutes, you can still see the video without sharing it.
One of the pages opened in the background was a deja-vu for me: Check who visit(ed) your Facebook profile. We wrote many times about this … and about the fact that it is not possible to see who visited your profile.
Once you click on it, the browser tries to open a download which points to a malicious file.
Fortunately, the Web Protection functionality detects the URL and blocks it accordingly.