A new Facebook scam has leveraged the popularity of British actress Emma Watson to infect users with malware.
In addition to infecting users with a trojan that attempts to hijack personal information such as phone numbers, steal app tokens and compromise Facebook sessions, the attackers also monetize their efforts by subscribing victims to premium SMS scams, according to BitDefender Labs' security blog.
If a user clicks on a malicious link in a Facebook comment that promises a leaked video of the actress, they're redirected to a phony YouTube page that asks them to update their Flash Player in order to view the content. Once the victim decides to opt for the update they're infected with what researchers have labeled as Trojan.JS.Facebook.A.
The promised content is never displayed and the victim's account also ends up sharing the same message they came across.