Just visiting a link can result in Acai Berry spam messages being posted on the user’s Facebook profile, even if the user doesn’t do anything on the page, security researchers warned.
Facebook took down a number of these application pages “dabbling in Javascript shenanigans” on March 7, but there are quite a few redirect pages still actively tricking users, according to Chris Boyd of GFI Software. Applications like “bergamoleyra” and “hellenismkpmga” are now displaying “page not found” messages, and the main domain driving the campaign, franebook.com, is currently returning 404 errors, Boyd said.
The sites depend on users still being logged in to Facebook while they browse and click on unknown links. Users follow a link and land on a Facebook application page where a video is about to load, Boyd wrote on the GFI Labs blog. Users don’t have to click on anything to launch that process, as it starts automatically when they land on the site. Users trying to navigate away from this page would see a message informing them that leaving the site would corrupt the Flash install.
Once that message is displayed, it’s over, because the JavaScript code has already posted a spam message on the user’s Facebook profile page with a link back to the page, Boyd said.
While actual messages may vary, the product is touted as a “Facebook Sponsored Weight Loss Product,” according to a screenshot on the GFI Labs blog. The spam message can also appear in Facebook chats with random friends, with cryptic messages like, “What are you doing in this video?” accompanying a link, Boyd wrote.
The link opens to a fake news page with a number of logos from prominent media outlets displayed on the top, including CNN, USA Today and ABC, and various testimonials about the success of the “Miracle Acai Berry Diet.” There are also links that the user can click to buy the berries.