Fake Facebook porn videos infect 110,000 with malware
Over 110,000 Facebook users were infected with malware within two days after clicking on a link in a fake post claiming to be a pornographic video Reuters

Over 110,000 Facebook users have been infected with malware in just two days after clicking a link on a pornographic video claiming to be a Flash Player update which you need to see the rest of the clip.

The malware is spread on the world's largest social network through posts posing as pornographic videos. Opening the post, users get a preview of a porn video which eventually stops and asks users to download a (fake) Flash Player to continue watching the clip. The fake Flash Player is in reality the downloader of the malware.

According to security researcher Mohammad Faghani who first reported the malware campaign, once downloaded onto a victim's system, the malicious software can hijack users' keyboards and mouse movement.

Facebook porn malware posts
What the fake Facebook post looks like TheHackerNews

The hackers behind the attack publish the video clips tagging multiple users meaning that not only do the people tagged see the post, but also their friends, meaning the malware spreads much faster.

However in order to avoid instant detection by Facebook's automated systems, the researcher said the malware "keeps its profile low by only tagging less than 20 user in each round of post."

Faghani said the malware was able to infect more than 110,000 people in just two days

In a statement, Facebook said:

We use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we're aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites. We are blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook.

Facebook has long been seen as a viable way for criminals to spread malware using clever social engineering techniques. Typically criminals tempt people into clicking on links using salacious imagery or celebrity gossip.

Last week Facebook announced it was introducing a new way for users to flag such posts as "purposefully fake or deceitful news" in a bid to eradicate the increase in the spread of such posts.

Related