the potential target into clicking on the provided URL. In addition, the victim feels safe since the link comes from one of his Facebook friends. The message usually includes a short line that looks similar to "its you? [name] :|". The emoji at the end of the message differs, and the provided link is shortened; therefore the user cannot figure out where it leads. However, the shortcut indicates that the link leads to a mysterious video and triggers the victim's curiosity to check it out.

Typical strategy: Install something to watch the video

Cybersecurity experts are already familiar with the technique used to trick questioning users into installing the Facebook Message Video virus. As soon as the victim clicks the compromised link and enters the phishing website (which apparently is designed to look like YouTube or another popular video sharing platform), a misleading pop-up appears, asking the victim to install an update or an application (it could be a fake Adobe Flash Player or a plug-in). The file suggested to the user contains no software related to video streaming and simply carries the malicious payload that later compromises the victim's account and sends out the deceptive messages to all of the victim's contacts. Speaking of fake Adobe Flash Players, we want to inform you that these are one of the most dangerous threats to your security. One of the latest cyber attacks was based on fake pop-ups appearing on compromised sites, urging people to install an updated Flash Player. Unfortunately, launching the install_flash_player.exe file only infected the computer with Bad Rabbit ransomware.
More than 1,500 companies in over 100 countries have suffered an infection at the hands of the Adwind Remote Access Tool (RAT). Discovered by researchers at Kaspersky Lab, this new attack campaign suggests that Adwind, a multifunctional backdoor which has targeted more than 450,000 individual users (including Mac lovers) since 2013, has developed a taste for business victims. The Adwind malware (also known as AlienSpy, Frutas, Unrecom, Sockrat and jRAT) appears particularly drawn to retail and distribution, with approximately one-fifth of this operation's victims falling under that category. It's also preyed upon organizations in the architecture, shipping, construction, insurance, and legal sectors. An attack begins when a business receives an email from what appears to be HSBC, one of the largest banking and finance organizations in the world. The email originates from the mail.hsbcnet.hsbc.com domain that's been active since 2013. Its message says the corresponding attachment contains payment advice for the recipient. As Kaspersky explains in an alert: "Instead of instructions, the attachments contain the malware sample. If the targeted user opens the attached ZIP file, which has a JAR file in it, the malware self-installs and attempts to communicate with its command and control server. The malware allows the attacker to gain almost complete control over the compromised device and steal confidential information from the infected computer." (Just to be clear: opening the ZIP file itself doesn't cause any harm, but opening the JAR file contained within the ZIP archive can infect computers.) Upon establishing a connection, attackers can use Adwind to steal confidential information from the infected computer. This includes critical data relating to the business.
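The delivery mechanism above (a ZIP attachment that hides a JAR, i.e. a Java archive that is itself a ZIP file) is something a mail gateway or triage script can check for before a user ever opens the archive. The following is an added example written for this page, not code from Kaspersky or from the campaign; it builds a constructed sample attachment in memory, then flags members that are JARs either by their extension or by their content, so a JAR renamed to `.pdf` is still caught.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"           # a JAR is a ZIP archive, so it starts with this header
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # never inflate more than this per member (zip-bomb guard)


def build_sample_attachment() -> bytes:
    """Constructed test data: a 'payment advice' ZIP like the one in the campaign above."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        j.writestr("Loader.class", b"\xca\xfe\xba\xbe")  # class-file magic only, not real bytecode
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("payment_advice.jar", jar.getvalue())
        z.writestr("invoice.pdf", jar.getvalue())  # same JAR, disguised by extension
        z.writestr("readme.txt", "See attached payment advice.")
    return outer.getvalue()


def looks_like_jar(data: bytes) -> bool:
    """Content check: a nested ZIP carrying a manifest or Java class files."""
    if data[:4] != ZIP_MAGIC:
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as nested:
            names = nested.namelist()
    except zipfile.BadZipFile:
        return False
    return "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names)


def find_jar_members(zip_bytes: bytes) -> dict:
    """Map each suspicious member of the attachment to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        for info in z.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.filename.lower().endswith(".jar"):
                reasons.append("extension")
            if info.file_size > MAX_MEMBER_BYTES:
                reasons.append("oversized-not-inspected")
            elif looks_like_jar(z.read(info)):
                reasons.append("content")
            if reasons:
                findings[info.filename] = reasons
    return findings
```

Running `find_jar_members(build_sample_attachment())` flags `payment_advice.jar` by both extension and content and `invoice.pdf` by content only; the plain text file is not reported.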
Organizations based in Malaysia have suffered the brunt of this attack campaign thus far. But entities in the United Kingdom, Germany, Lebanon, and elsewhere are not far behind. Given Adwind's evolution (as well as its commercial availability on underground marketplaces and other dark web forums), organizations should restrict their use of Java (on which the malware is based) to a select few applications that absolutely require this software in order to function properly. If possible, companies should take their security one step further and try to isolate these applications from their other endpoints