Facebook Follower Scam Prompts Victims to Inject Themselves with Dangerous Code

More than 17,000 Facebook users were tricked by a bold scam that promised them over 100,000 followers on the social network and made them willingly inject dangerous code in their browser. Bitdefender has started to analyze the dubious profile promoting the scam after several Facecrooks fans complained about the social engineering trick. Hackers behind the scam could be of Turkish origin.

It all started with a freshly registered Facebook page. “Master of Hacking” promised to teach fans a new trick – “how to increase Facebook followers” to more then 100,000, 100,999 or 150,000 with a simple piece of code that users should insert into Google Chrome or the Maxthon browser.

This time, computer hackers didn`t bother to create a scam that delivers the malicious code without users` knowledge. They simply asked victims to copy it. Many thousands fell for the scam and it is still claiming victims. Most users who fell for the scam are from Turkey or Pakistan.

“Wait 24 Hours,” scammers advised “future” hackers in search of social celebrity. “After 24 Hours Check Account Facebook Says 100,000+ People Followed you.”

In reality, users desperate for popularity are tricked into liking or following dubious Facebook profiles and pages. A comment is also posted on their behalf to promote the scam further.

The same hackers offer a wide range of such computer “tricks.” Users are also lured with a scam that shows them “HOW TO GET 999+ FRIENDS REQUESTS IN ONE DAY.”

Social engineers behind “Master of Hacking” are grateful to their fans, despite grammatical disabilities. “Big THANKS FOR TRUSTING ON ME,” they said.

Bitdefender researchers have spotted similar payloads in malicious browser add-ons delivered via Facebook. This particular code is useful to social media scammers who want to acquire likes and followers. All they have to do is change some lines to adjust their destination.

Follower scams have been making the rounds on Facebook, Twitter and other social networks for a couple of years. In November 2013, more than 100,000 Instagram users gave their credentials for free followers and likes on the photo sharing platform.

Bitdefender has reported the fake profile promoting hacking tricks and advises users to stay away from such promises. Gaining followers and likes can be harder with quality posts but the work will eventually pay off in terms of actual popularity.

To avoid getting infected with malware, users are also advised to keep their antivirus and other software updated.

This article is based on the technical information provided courtesy of Andrei Serbanoiu, Bitdefender Online Threats Researcher.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.