Hello everyone, For the past few weeks, someone has been posting the following message in my groups or on my profile via my account: "Hello everyone, some time ago, I heard an ad on the radio. The host claimed to know how to win a new iPhone X. It turned out that all I had to do was type the code: "APPLE67FR" in the Google search bar and click on the first link that appeared. The next step is to fill out the registration form and wait for the contest organizer to contact you. It's so mundane! Yesterday, I received a package from UPS and inside, guess what, there was a new iPhone X 64GB. I advise you to hurry up and try as soon as possible because the offer has an expiration date and will last until the end of the week." It's very embarrassing, and I don't understand how this could happen because: - I change my password every time this happens (uppercase/lowercase/numbers/letters, something complex) - I am at the maximum security level in my settings (I'm supposed to receive a notification when someone logs in as me, for example, but I don't receive anything when the hacking occurs) - I don't play any games, don't have any apps on my account, and don't open any suspicious links. I've disabled everything because I don't need it. And yet, despite all this, the message appears every day or sometimes every two days on my groups/profile. What should I do? Thank you in advance for your help; I am desperate.... Good evening and thanks again.

Facebook account hacking with iPhone X links : CCM

Réponse 1 / 44

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

The conclusion is on this topic: https://forums.commentcamarche.net/forum/affich-35172001-virus-ipx256gog#20
and the explanation on this link: https://www.malekal.com/arnaque-iphone-1-euro-facebook/

Basically, there is indeed a parasitic extension on Mozilla (it should be available on Chrome as well).
In the observed case, it is named Adobe Flash 2.0, but the name might change over time.
This extension installs the Facebook HTC application, which explains why, when you delete the HTC app, it comes back....
When you reuse the infected browser due to the extension, it reinstalls the Facebook application upon logging into Facebook.
This is what I explained in this message

This means you have not reset the internet browsers as indicated from the beginning because it removes the extensions:
https://forums.commentcamarche.net/forum/affich-35063724-piratage-compte-facebook-avec-liens-iphone-x#23
https://forums.commentcamarche.net/forum/affich-35063724-piratage-compte-facebook-avec-liens-iphone-x?page=2#70

Afterwards, you might not have done it on the right computer, because in the first link, the person has the infected extension on their work computer and not on their personal computer.

Today's conclusion, in terms of security, be careful about the computers you use to connect, especially when they are public and shared computers (work, school, cyber, etc).

Note that for Firefox, you can launch it with all extensions and add-ons disabled.
This can be useful to use this function on the work computer if it is shared.

EDIT - Malwarebytes published an article about this: https://blog.malwarebytes.com/cybercrime/2018/04/facebook-spammers-making-things-worse/

Blue-castle

Sure, thank you very much! I understood the problem, and I indeed have the "Adobe Flash Player 2.0" extension activated on Firefox. The only thing is that I haven't had any posts on my account for over 6 weeks with that extension still activated. This dates back to the day I changed all the applications on my Facebook account to "Only Me" (including HTC Sense), so I must have already blocked the hacking at that time.. ?

I have a question though: why is only Facebook infected and not other sites? Is it because it's an extension created specifically for Facebook?

Another question: any idea how this extension got installed on our browsers?

Thanks again!

Marion

For my part, I removed all these extensions and it didn’t change anything. I uninstalled and reinstalled properly and it still didn’t work. I think it might work for some (I had read it in discussions on Facebook) but not for everyone.
I also wanted to ask: it’s been about ten days since I’ve had any posts, am I the only one?

Réponse 2 / 44

Blue-castle

Hello, I have exactly the same problem as all of you, with posts on the Facebook groups I belong to, offering to sell an iPhone X. I have been hacked 3 times, the first time on November 22 (I was logged in), the second time on December 10 (also logged in), and the third time yesterday, December 15, but this time I was not logged in. I followed all Facebook procedures, changing my password, enabling two-factor authentication, connection alerts (which don't work), I scanned my computer with Avast, CCleaner, AdwCleaner but everything is clean... But I think that if my computer had been infected, it wouldn't just be Facebook that was hacked.

The only thing I noticed is that a few days before my first hacking, a window in my browser (Firefox) opened by itself and activated an application (HTC Sense) linked to Facebook by allowing the connection to my account. At the time, I went into the Facebook settings and disabled "apps, websites, and plugins" thinking that would solve the problem. But I still got hacked.
For your information, I only use Facebook on my computer and I only have the Messenger app on my phone.

I noticed yesterday that when you go into Facebook's personal history, there is the "Apps" filter on the left with all the applications linked to your account. Which seems strange since I've disabled the apps in the Facebook settings! And there, surprise, the "HTC Sense" app is part of the list and in addition, it states that it can post on my behalf to "Public". So, the only action we can take is to set it to "Only me". I still suspect this app to be the source of the posts on my account. The only problem is that we have no power over third-party applications on Facebook, and they themselves say that we need to contact the developers of the apps to disable the link. Except that in this case, I do not have an HTC Sense account and therefore cannot do anything.

So that's my problem, and maybe a start to the solution?

Thanks to those who are looking into the problem.

spectralKnight

Hi, I think you found the solution to our problems because I remember the first post was made with this app. I did the same hoping it would stop. This is the 6th time my groups are getting spammed and they are starting to get fed up :)

Blue-castle

It’s clearly a problem with the app itself… Maybe Instagram?
I’ve switched all the apps to “Me only.” Let’s see if that changes anything…

spectralKnight

In fact, no, it doesn't come from there. The publications continue.

Blue-castle

It's annoying... for now, nothing for me. Do you have any apps on your phone linked to Facebook? Personally, I reset my phone...
And have you checked where the posts in your personal history came from?

spectralKnight

I have Facebook and Messenger, but it was posting when I didn't have Facebook installed, and no, I didn't think to check, I deleted everything right away. I'll look into it next time... ^^

Réponse 3 / 44

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

Hello,

Change your Facebook and email password.
Check Facebook applications and permissions.
Secure your Facebook account (two-factor authentication, etc.).
See: How to secure your Facebook account

Finally, if you want to check your computer (malware):

Follow the FRST tutorial. ( take the time to read carefully - everything is well explained ).

Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.

Three FRST reports will be generated:

FRST.txt
Shortcut.txt
Additional.txt

Send these 3 reports to the site https://pjjoint.malekal.com/ to share them.
In return, provide the 3 pjjoint links that lead to the reports here in a new response so that we can review them.

Please press a key to continue the disinfection...

_Sonic_ Posted messages 7 Registration date Status Membre Last intervention

Thank you for your response. However, to download FRST, I need to choose between 32 or 64 bits. However, I have a Mac... and I can't find an equivalent FRST for Mac.

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710 > _Sonic_ Posted messages 7 Registration date Status Membre Last intervention

If you're on Mac, forget about FRST then.

_Sonic_ Posted messages 7 Registration date Status Membre Last intervention

Alright. So what's the scanning solution on Mac?
Everything else you've suggested I've already done. I change my password every time a hack occurs + secure the account and I have no applications as I told you, everything is disabled.

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710 > _Sonic_ Posted messages 7 Registration date Status Membre Last intervention

Have you also turned on connection notifications?
And the Facebook apps?

You can always run Malwarebytes on Mac: https://fr.malwarebytes.com/mac/
No TeamViewer running?

_Sonic_ Posted messages 7 Registration date Status Membre Last intervention

Yes, I had enabled connection notifications a few months ago, but I don't receive any notifications when messages appear, so I feel like it’s more of a virus than a real person connecting to post messages on my behalf...
I cleaned my PC with Malwarebytes, and there was nothing. I’m not sure what to do anymore...

Réponse 4 / 44

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

We should run tests, like turning off the computer or phone for a few hours to see if the spam stops. (one after the other to check).
Try uninstalling the Facebook app from your phones.

But honestly, in the FRST reports, there’s nothing on the Trojan side.
It doesn’t seem like there are any malicious extensions on your web browsers.

At worst, you can reset them, but I doubt it will change anything:

Reset/Repair the web browsers concerned by the issues:

Repair Mozilla Firefox (first paragraph)
Repair Google Chrome (only the first paragraph).

--
Please press any key to continue the disinfection...

Flo

Hello, my computer has been shut down for a few days. I had set up the blocking of the application platform. I blocked HTC Sense. And now with an iPhone, the issue has reappeared. So on Android, yes, the issue persists.

Réponse 5 / 44

ArnaudduanrA Posted messages 2 Status Membre 1

Hello,

Same for me...
I've tried a lot of solutions:

- The basics: changing the password + logging out of all devices

- Logging out of all applications

- In the settings: stopping the use of Facebook as a platform (I thought it would work...)

And it's posting right now!!

I put Messenger back on my phone, I just removed it again and we'll see.

I'm starting to think it's my PC, or more precisely my browser. But I'm not really sure how to tackle it.

Otherwise... I'm starting to think it might be the perfect opportunity to cut Facebook for good.

Réponse 6 / 44

spectralKnight

Is it still ongoing right now for those who couldn't shake it off? I haven't had anything since April 5th.

Réponse 7 / 44

RuleOfRose Posted messages 4 Status Membre

Hello, I have exactly the same problem since Saturday and it has repeated three times up to today. I have checked everything, complete analysis of the PC with MalwareByte, Antivirus, Adwcleaner, checking all Facebook applications one by one, changing passwords several times, etc...
So I'm leaving you the FRST reports as you requested, author.

https://pjjoint.malekal.com/files.php?id=20171212_j9v9e15k14h9
https://pjjoint.malekal.com/files.php?id=FRST_20171212_r12c12d15b6o5
https://pjjoint.malekal.com/files.php?id=20171212_x5k15t513u11

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

The reports are correct.
It may be from a phone.

Have you enabled connection notifications?
=> https://www.malekal.com/securiser-compte-facebook/

At least to see if a connection took place before these messages were posted.

RuleOfRose Posted messages 4 Status Membre

No, but I had looked and there was nothing unusual on that side, each time there was an action that I had done myself. (I didn't think to check there before deleting the message in question though)

Réponse 8 / 44

Cle75

Hello,

Like the previous people, I have the same problem. I have diligently applied the same outdated Facebook solutions, attempted various cleanups, launched antivirus programs, strengthened security as much as possible, with no results.

I therefore allow myself to leave the FRST reports here from the scan of my PC, if someone could please help me, thank you in advance!

https://pjjoint.malekal.com/files.php?id=FRST_20171212_z14v5g15z12s6

https://pjjoint.malekal.com/files.php?id=20171212_j15e8j14x11g12

https://pjjoint.malekal.com/files.php?id=20171212_k13i11m14x89

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

Not infected.
You should discuss among yourselves to find out what you might have done that could trigger these messages.

Have you enabled the login notifications?

Réponse 9 / 44

RuleOfRose Posted messages 4 Status Membre

Yes, I activated them, so the message just resent and nothing at all...
We should check what we have in common; could it be coming from a phone?

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

Possible for the phone.
Which app have you installed recently?

Cle75

I have run my Kaspersky antivirus several times over the past few days. It discovered (only this morning) two Trojans that I deleted. What surprises me is that it only found them now (recent update of the antivirus?). Now we have to see (and therefore wait) if this is indeed the source of the problem.

However, I don't see what could have enabled this hacking; I’ve been thinking hard...

Thank you, Malekal_morte, for checking the reports!

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710 > Cle75

In which file did he discover it?

Cle75

The file is named C:\Users\Clément\AppData\Local\Mozilla\Firefox\Profiles\tvfz3vrm.default\cache2\entries\788A6A623A4738FA79842B4268CB4766BEC9B7CB//bidmatching.js

Réponse 10 / 44

Dude23k Posted messages 2 Status Membre

Hi, I have the same issue, I only have two files per account with FRST

https://pjjoint.malekal.com/files.php?id=20171213_w10r6i10x15b15
https://pjjoint.malekal.com/files.php?id=FRST_20171213_i11i8w13p12u10

It's annoying, it's the third time in three days.

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

Not infected.
I doubt it comes from your computers.

Dude23k Posted messages 2 Status Membre

oh no, I cleaned up the apps and everything (I got rid of all the sketchy ones) I changed the password and everything, and I thought it was coming from the computer...

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710 > Dude23k Posted messages 2 Status Membre

The FRST reports are correct every time, so I doubt it.

natch54

I have the same issue since Saturday! For my part, I don’t connect to Facebook on my phone, I only have Messenger on my phone linked to Facebook. I don’t understand either, I changed my password and then 24 hours later it reposts this message in 2 or 3 groups!

Réponse 11 / 44

mecquinaplusfb Posted messages 5 Status Membre

So I have the same problem as you for the past 2 weeks. I disconnected from my PC for a day and it started again. I'm resetting my iPhone to see, I'll keep you updated.

Try to list what might have caused this for you!! For my part:
- new second-hand phone
- created an Aliexpress account
- I don't see anything else..

I want to emphasize that yesterday, I did an important Windows update and reinstalled Firefox! (I also cleared Firefox caches just in case), but I had already run CCleaner yesterday and Malwarebytes without finding anything.

Achiiiille

I have the same issue, and thinking about it, I did some research the day before on Aliexpress without creating an account. This has happened to me twice.

Réponse 12 / 44

Sy

Good evening,
I have the same problem since Sunday. It stopped yesterday (even though I didn't do anything different) and it started again today.

As for my phone, I only use it for Messenger.
I ran antivirus, antimalware, and everything imaginable... Nothing! The computer is not infected. I changed all my passwords. I uninstalled all the add-ons associated with my browsing software.

Security on Facebook is at maximum. It's not hacking; the messages are indeed sent from my place. But how?

I've tried to think about what I might have done new. In fact, nothing that I remember.

Réponse 13 / 44

Schenofe Posted messages 1 Status Membre

Hello,

I have the same issue as you.

Facebook now prevents me from posting in a group or joining one, yet messages continue to be posted! Facebook then removes them immediately, notifying me.

If anyone has found a solution, please share it with us!

Juliette2607

How did you manage to get Facebook to remove them?

Marie61

Hello, I am also experiencing this issue since this week with 3 "hacks" in 4 days where the same message is being posted in all the groups I am part of... I am also interested in knowing how you got Facebook to delete them immediately and notify you? Also, have you found the source of the problem and the solution please? Because I am reading the forums but there is no solution... :/

Réponse 14 / 44

Mapi

Hello,

I am suffering from the same issue as you, and I am on Ubuntu for my computer and Android for my phone.

I have changed my passwords on Facebook and on the email linked to the account.
I deleted the Facebook app from my phone, but it still published today.
I removed the apps via Facebook that request permissions, etc.
I modified the group settings, but it doesn’t change anything.
I ran antivirus/malware scans on my phone and computer, and they are clean.

On my phone (which I had reset two or three days before all this happened):
Instagram, Messenger Lite, Photo Editor, Galaxy Apps, Google Play Services, and YouTube. Well, okay, at one point I might have tried Tinder Lite haha.

I do not remember installing any other apps since then.

Maybe it would be interesting for you to share the apps you use here?

Let’s keep our hopes up.

Réponse 15 / 44

Sy

Hello,
Until now, my posts were made while I was logged into Facebook on the computer (Windows). However, there was a post made while I was logged out...
Yet the app is not installed on my phone. Just Messenger...
Temporarily, I've unsubscribed from all my Facebook groups, except for one that I manage.

I checked yesterday the programs installed on the day the problem occurred. Only one matched. I deleted it yesterday and I had posts again today...

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

and in Facebook applications?

Sy

I only have 2 Facebook apps (two games), I had already cleaned up.

Natch54

Same here, it publishes when I'm not connected!!! For example, it started on Saturday afternoon while we were out all day doing the Christmas markets in Alsace, so I hadn't been connected at all since the day before!!

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710 > Natch54

It's curious, it could be a problem on Facebook's part, but it's really strange that you haven't received any notifications if you've activated them...

Natch54

And now my other Facebook account (for selling) is infected too, I haven't used it since, I clicked on nothing and I don't use
any apps on this one, I don't understand anything!!!

Réponse 16 / 44

aelita21 Posted messages 3 Status Membre

Hello, like all of you, I've been having the same virus problem for almost a month now. My PC is clean, and I've disabled all the applications. The message has reappeared this time offline (I thought it only happened when my session was active...)

Anyway, I don't know what to do anymore...

anamoyme

Since the beginning, my posts have only been published when I am not connected (and even with the internet turned off...) it calmed down for a month or two and now it has started again, and the connection request doesn't prevent posts from being published, it just adds extra steps every time I connect.
I disabled all the applications on my account but it's back, I don’t know how because notifications are still disabled....

Réponse 17 / 44

FaYkeOne Posted messages 3 Status Membre

Hello, same issue here. Personally, it started when I connected to the internet in New Caledonia in Nouméa!
I installed the latest version of Mozilla, and if I remember correctly, it probably started acting up around that time :/
I also have a new phone, Wiko, I don't know if that's the problem, I removed FB and Messenger from the phone.
And like everyone, I've done all the antivirus, malware, CCleaner tests, etc., and it's all clean.
Could trying Chrome change the situation?
It's annoying, I'm getting banned from some important groups...

Malekal_morte- Posted messages 178136 Registration date Status Modérateur, Contributeur sécurité Last intervention 24 710

I don't see the connection with Mozilla; if you got it from the official website, that's just a coincidence.

Réponse 18 / 44

Luffy569 Posted messages 73 Status Membre 8

Resetting your devices :)

--

sy

as a last resort ;-)) but I would rather find another way

mecquinaplusfb Posted messages 5 Status Membre

I did that yesterday with my phone, it seems to be working. Don't forget to back up your photos, etc. ;)

Réponse 19 / 44

mecquinaplusfb Posted messages 5 Status Membre

Maybe a solution: I reset my iPhone (Erase all content and settings) and I haven't had the problem for 24 hours. (I had done everything on my computer and when I logged out of FB on my PC it continued, so I thought it was the phone!)

I'll let you know if it's a false hope! ;)

mecquinaplusfb Posted messages 5 Status Membre

Don't forget to back up the photos etc ;)

Mecqui aplusfb

Still no publication for me!

Réponse 20 / 44

RuleOfRose Posted messages 4 Status Membre

I haven't had it for two whole days.
Here's what I did:
Logged out on all devices.
When I logged back in, I got a Facebook message saying I might have been a victim of phishing or something like that. After that, there were a bunch of steps, and I set a more complex password.
From now on, I log out every time.
It might just be a coincidence, but I still don't have it for the moment.
It could also be something from Facebook.

Raoudha

Hello

Facebook account hacking with iPhone X links

44 réponses

Windows spotlight is not working.

Masked destination layer

Samsung j5 unable to answer

Scam of the suvedene highway

Only one of my iphone headphones works. what to do?

Mb to mb conversion and difference.

I have a philips tv breakdown: the screen is black.

File name too long

No sound with ps3 and hdmi

Wake up from sleep mode in windows 10.