New McDonald’s virus in Facebook infects your device using a discount coupon

Most Internet users know that unsafe websites are riddled with malicious advertisements that might even contain malware, but many are unaware that this kind of risk is also present on supposedly more secure platforms, claim experts from an information security training company.

A few months ago, security firm ESET detected a malicious campaign in which hackers used the image of popular companies (fast food chains and banking institutions, among others) to serve ads on Facebook. These advertisements contained a variant of malware known as Mispadu, a banking Trojan that has been very active recently.

According to the information security training specialists, this malware is written in Delphi and has been identified in multiple attacks in Latin America. Mispadu has backdoor features, so once it infects a device it is able to take screenshots, record keystrokes, mimic legitimate clicks and even receive updates using a Visual Basic Script.

Although this malware has been active for almost a year, a massive campaign was recently detected on Facebook showing supposed discount coupons for use at McDonald’s, such as the one shown below:

Fake ad posted by hackers

There are clear indicators that this is a fake ad (such as the absence of the verification check next to the fanpage name), although millions of users might not realize this, the experts of the information security training company explain. Another factor that undoubtedly attracts the attention of users of the social network is the possibility of obtaining an offer by simply clicking on the link.

Users who fall into the trap and click on the link will be redirected to a site hosted on Wix ( that is in no way linked to the restaurant chain. It should be noted that the creators of this website took the time to post an identical copy of McDonald’s official website.

When the user clicks the GENERATE COUPON button, a zip file named is downloaded, which contains an MSI file and two Windows executables.

Below is a legitimate McDonald’s ad on Facebook; users can see the obvious differences between the company’s actual advertising and the posts made by the hackers.

Legitimate ad posted on Facebook
