This is not the first of its kind I’ve seen, but they follow the same basic script. I think it’s interesting that they use an existing, obviously compromised account (this one was established in 2007) to post in closed FB groups.
They are smart enough to leave the single comment with a deceptive icon (YouTube in this case), then turn off commenting so it can’t be shouted down by other members of the group. It pretty much becomes up to the group admin to kill the post, but that might take a while.
The TinyURL link takes you to a link at yolasite.com where it appears to run Adobe Flash, however we are still looking at what exploit or payload it’s trying to push.
These same types of scams are often used to prompt people to install a “codec” (Software to view a type of video) in order to view the video, but it’s actually malware. Big surprise there, right?
Just keep an eye open for these types of scams as they are getting more and more common.
Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere.