Just visting a link can result in Acai Berry spam messages being posted on the user’s Facebook profile, even if the user doesn’t do anything on the page, security researchers warned.
The sites depend on users being still logged into Facebook while surfing and clicking on unknown links. Users follow a link and land on a Facebook application page where a video is about to load, Boyd wrote on the GFI Labs blog. Users don’t have to click on anything to actually launch that process as it starts automatically when landing on the site. Users trying to navigate away from this page would see a message informing them that leaving the site would corrupt the Flash install.
While actual messages may vary, the product is touted as a “Facebook Sponsored Weight Loss Product,” according to a screen shot on the GFI Labs blog. The spam message can also appear in Facebook chats with random friends, with cryptic messages like, “What are you doing in this video?” accompanying a link, Boyd wrote.
The link opens to a fake news page with a number of logos from prominent media outlets displayed on the top, including CNN, USA Today and ABC, and various testimonials about the success of the “Miracle Acai Berry Diet.” There are also links that the user can click to buy the berries.