
A Facebook Messenger trojan known as “Eko” is targeting French users of the social networking site via private message (PM) scams.

The malware takes the form of a common Facebook scam type: a fake video of the recipient captured by one of their social media friends.

It even uses the recipient’s profile picture and name to add a sense of plausibility, as shown in the screenshot below courtesy of FrAndroid:


Those who fall for the social engineering attack and click on the fake video are prompted to install a Google Chrome extension. That extension is the Eko malware.

Upon successful installation, the trojan gets to work with its malicious activities.

As Malwarebytes Labs explains in a blog post:

“…[U]sers are then subjected to unwanted advertisements. Reports also say that ‘Eko’ can spy on users, collecting their personal data, including bank account details. On top of this, affected user accounts send similar messages to all their Facebook Messenger contacts.”

The threat has become so severe that the Interior Ministry in France published a post on Facebook warning users to be on the lookout for the malware.

L’internaute reports that Facebook is currently working to mitigate Eko, but as with any trojan, it’s unclear how long that effort will take.

Anyone who thinks they might have installed the malware should go to their Chrome settings and uninstall the “Eko” extensions. Just to be on the safe side, they should also use an anti-virus solution to scan their computer for other traces of malicious software and change their Facebook passwords.
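The check described above can also be run against Chrome's on-disk data. This is an added example, not code from the article or its sources: it assumes Chrome's usual `<profile>/Extensions/<id>/<version>/manifest.json` layout, the function names are illustrative, and the substring match on "eko" can hit unrelated names, so each result needs a manual look.

```python
"""Added example: list Chrome extensions whose display name contains a keyword."""
import json
import sys
from pathlib import Path


def load_json(path):
    """Parse a JSON file; return None if it is missing or malformed."""
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None


def display_name(version_dir, manifest):
    """Resolve the name, including Chrome's __MSG_key__ localisation placeholders."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    locale = manifest.get("default_locale", "en")
    messages = load_json(version_dir / "_locales" / locale / "messages.json")
    if not isinstance(messages, dict):
        return name
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name


def find_extensions(user_data_dir, needle="eko"):
    """Scan all profiles: <profile>/Extensions/<id>/<version>/manifest.json."""
    hits = []
    pattern = "*/Extensions/*/*/manifest.json"
    for path in sorted(Path(user_data_dir).glob(pattern)):
        manifest = load_json(path)
        if not isinstance(manifest, dict):
            continue
        name = display_name(path.parent, manifest)
        if needle.lower() in name.lower():  # substring match: review each hit
            hits.append({"profile": path.parents[3].name,
                         "id": path.parents[1].name,
                         "version": str(manifest.get("version", "?")),
                         "name": name,
                         "permissions": manifest.get("permissions", [])})
    return hits


if __name__ == "__main__":
    # Assumed default location on Linux; pass the user-data directory otherwise.
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".config/google-chrome"
    for hit in find_extensions(root):
        print(hit)
```

The extension ID in each hit is the folder name under `Extensions`, which is the same ID shown on Chrome's extensions page, so a hit can be matched to the entry to remove.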

In general, social media users should exercise caution around suspicious-looking videos that appear to come from their Facebook friends. If you come across one of these videos on Facebook, make sure you don’t click on it. Instead, report it to Facebook’s security teams so they can have a look and decide how they can best protect you and other users against similar types of scams.