Facebook porn malware infects 110,000 users in two days

A pornographic video is being shared on Facebook that has the potential to infect the viewer’s computer with malware.

The video instructs users to download a fake Flash Player update, which actually hosts a Trojan horse virus enabling attackers to gain remote access to their computer.

Read more: Facebook cracking down on news feed spam

Mohammad Faghani alerted Facebook users to the malicious download via his security blog Full Disclosure.

“We have been monitoring this malware for the last two days where it could infect more than 110K users only in two days and it is still on the rise,” he said. “This malware keeps its profile low by only tagging less than 20 users in each round of post.”

Faghani also revealed that the malware would enable hackers to control the mouse and keyboard of an infected device.

This particular Trojan also operates somewhat differently from previous social media threats as it tags friends in the malicious post, rather than privately messaging them. This enables the post to receive greater visibility as friends of friends may see the video, speeding up the spread of the malware.

Facebook released a statement to security blog Threatpost explaining that it was attempting to block the malware.

"We use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we're aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites,” wrote a company spokesman.

"We are blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook."

Read more: How and why Facebook went down

The rapid spread of the malware is more bad news for the social network after it suffered a mass outage last week. Facebook has since dismissed claims that it was the target of a third-party attack from hacker collective Lizard Squad and instead blamed the disruption on an internal configuration issue.