Malicious Facebook flash player detected that uses CAPTCHA pop-up to distract user

A fake version of Facebook has been detected that infects unsuspecting users with malware.

Lim Choon Hong, web security analyst at F-Secure, claimed that the fake site has a malicious JavaScript that uses the ‘Flash Player upgrade installation,' where the viewer is told to upgrade their player to view videos on the site. They are asked to download and install the ‘upgrade', which comes with a CAPTCHA pop-up.

Hong claimed that any text entered into the field by the user will result in them being told that they have entered it incorrectly, and that the screen will close after a few attempts, but will still continue to appear off and on.

While this is happening, however, the malware copies files to C:\Windows, deletes itself and creates a few Registry keys. F-Secure detected the malware as Trojan:W32/Agent.MDN.

Sign up to our newsletters