< The MacPaw How-tos

Facebook virus attacks and how to protect from them


There have been a host of Facebook virus attacks in the little over a decade it’s been in existence. Some are fairly easy to spot and avoid, others look fairly innocuous until it’s too late. Here, we’ve listed the most common Facebook virus attacks and how to protect yourself from them.

1. Copy and paste this post

We’ve all seen posts on our timeline from friends that say something that tugs on our emotions or makes us excited or curious. Usually those posts ask us to copy and paste, rather than share. However, that request is a good sign the post has some kind of malicious intent behind it. The original poster either wants to protect their identity, knows the post might be removed (and so would also be removed on timelines where it was shared), or has included a misspelled word that will allow them to identify people who have copied and pasted it and target them in the future. If the post offers to, for example, tell you your superhero name, it will ask for personal information. All of this can be used to target you in the future. The best way to avoid it is to ignore those posts that ask you to copy and paste rather than share.

 2. Spam posts

These posts are often sent to groups, particularly groups that are open to anyone or that aren’t strictly moderated. The post will contain a link and if you click on that link it will take you to a site that hosts a virus or other malware. The best way to avoid being a victim of a spam Facebook post is not to click on a link in any post unless you are absolutely certain it’s legitimate.

3. Fake profiles

This is a common scam. You get a friend request from someone you recognize, so you accept it. But the request isn’t from them, it’s from a hacker who has set up a spoof account that uses their details and photos. Once you’ve friended them, they have access to your personal data and photographs and can use them to target you by sending you links to malware. To avoid this, make sure before you accept any friend request that it has come from the person you think it has. If you know them well enough, ask them on a different platform if they sent you a request.

4. Video virus

There are number of versions of the Facebook video virus and they can occur on both Facebook itself or on Messenger. The Messenger video virus appears as a link, apparently sent by a Facebook friend (perhaps one whose account has been hacked) and is accompanied by text telling the recipient that this is a ‘special’ video or one that they must watch. However, when the recipient clicks on the link it doesn’t take them to the video, instead re-directing them to a website that hosts a virus or other type of malware.

The video virus can also appear on Facebook timelines. Again, the video looks like it’s been shared by a friend. In this case the video can be viewed on Facebook, but there will also be link and something either in text or in the video itself to encourage the recipient to click the link. Again, the link will take them to a website hosting a virus. The best way to avoid this kind of virus attack is to not click on any link unless you are 100% sure of where it leads. 

5. Browser extensions

Web browser extensions are a favorite tool for hackers who want to spread malware and it’s no different for Facebook hackers. There is a number of different extensions, some of which are linked to Facebook video viruses, that when you install them and visit Facebook will attempt to steal data or fill your feed with adverts. One way in which hackers try to persuade users to install malicious extensions is by making it a requirement of watching a video the user has clicked on. You should always be careful about installing browser extensions, and makes sure when you do that you know where they have come from and that they are legitimate. Often, malicious browser extensions are given names that sound like the name of a popular legitimate extension. So, be vigilant.



6. Messenger links

Sending links in Facebook Messenger is a favorite tactic of hackers. The links look like they’ve been sent by a friend but in reality have come from an account that’s been compromised in some way and the links sent by a hacker. Those links lead to a site that’s infected and that will either try to break into your account, steal data, or display adware. Whenever you get a link from a friend on Messenger, if you’re not expecting it or if it looks in any way suspicious, don’t click on it. First of all, ask your friend if they sent the link. If they don’t reply or say that they didn’t, ignore it and tell your friend their account may have been compromised.

7. Third party apps

In the early days of Facebook, the biggest threat from third party apps came from those that pretended to be popular games such as FarmVille. Those spoof apps would persuade you to install them and then flood your timeline with adverts or attempt to spoof your account.

Now, however, third party apps that you give permission to access your account are a bigger problem. Whether you log into an app or service using your Facebook account, or allow an app like Pinterest or Spotify to post on your Facebook account, there’s a risk that if those services suffer a data breach, your Facebook data could be compromised. To avoid potential problems, you should only give access to your Facebook account to those apps you really want to use with Facebook, and never choose the option to log in to a service with your Facebook account as an alternative to creating a unique username and password for that service.



How to avoid viruses and security problems on Facebook

1. If you think your account has been compromised, change your password immediately and create a new, strong password, perhaps using the password generator in your web browser or password manager.

2. Review apps that have access to your account. In a web browser, go to facebook.com, log in and click the down arrow on the right of the toolbar. Choose Settings, then Apps and websites. Check the box next to any apps or websites you don’t want to use with Facebook and click Remove.

3. Use two-factor authentication. This requires you to confirm your identity, usually by typing in a code received by SMS, when you log in to Facebook. It’s more secure than using a password alone. Go to Settings, then Security and login and choose Two Factor Authentication.

4. Log out of Facebook on devices you no longer use. In Settings, click on Security and login and click on See More under the “Where you’re logged in” section. Click on the three dots next to any device you no longer use, and then choose Log out. If you don’t recognize the device, click “Not You?”

What to do if you think you’ve got a virus from Facebook

1. Change your password

2. Post a status update telling your friends you think your account may have been compromised

3. Log out of all the apps and services you use that are linked to your Facebook account

4. Scan your computer for malware. You can do this using an antivirus tool. There are several available for both Mac and PC that will scan your computer for free. Some will also remove malware at no cost, while others require that you pay for a full version of the application. If you use a Mac, you can also scan it using the malware utility in CleanMyMac X


CleanMyMac has a regularly updated database of malware and will scan your Mac and compare it with that. If it finds a virus or any other form of malware, it will offer to remove it. All you have to do is click “Remove”. Whichever tool you use, you should scan your computer regularly for a period after your Facebook account was compromised.

There have been a number of different Facebook virus attacks over the years, and there are likely to be more. The best way to avoid running into trouble is to be vigilant and use common sense. Don’t click on links or copy and paste or share posts unless you are sure they are legitimate. If the links come from a friend in Messenger, ask them if they sent the link before you click on it. And if you do think you’ve downloaded a virus, scan your computer immediately using an antivirus tool or, if you use a Mac, CleanMyMac X.



Share it! Knowledge is power:
MacPaw uses cookies to personalize your experience on our website. By continuing to use this site, you agree to our cookie policy. Click here to learn more.