Facebook Fan Check Virus scare leads to malware

Graham Cluley

Beware of Googling (or indeed Yahooing or Binging or using any other internet search engine) for information about something called “Facebook Fan Check Virus”, as you’re likely to end up on a website hosting malicious code.

Watch this YouTube video for an explanation:

http://www.youtube.com/watch?v=OiO8CBGfLFA&hl=en&fs=1&rel=0

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

The phrase “Facebook Fan Check Virus” is currently a hot trending topic on Google, with many net users searching for information.

However, hackers have set up websites that pretend to be about the “Facebook Fan Check Virus” but really host fake anti-virus software, which displays bogus warnings about the security of your computer in an attempt to get you to install fraudulent software and cough up your credit card details.

Facebook Fan Check search results

The bogus warnings look nearly identical to the fake anti-virus software attacks that we have seen in the past, with a scrolling green progress bar and a list of alleged threats found on your computer scrolling up in a dramatic red colour.

I visited one of the sites on my Apple Mac running Safari (see screenshots below) and was bemused to see the fake anti-virus told me that my laptop was infected with a number of threats that only infect Windows computers.

Fake anti-virus software alerts are displayed if you visit pages which claim to be about the Facebook Fan Check Virus

Sophos’s web-filtering products detect the malicious webpages proactively as Mal/FakeAvJs-A. The analysts in SophosLabs are analysing the fake anti-virus malware downloaded by these sites, and will be issuing detection as Troj/FakeAV-ZT.

So, the obvious question is – why would you be searching for the phrase “Facebook Fan Check Virus” in the first place?

Well, it seems that Facebook users have got themselves in a tizzy about an application called Fan Check.

Facebook Fan Check application

We haven’t been able to confirm that the Fan Check application (also known as Stalker Check or FanCheck) is malicious in itself, although some Facebook users appear to be concerned that it might be behaving inappropriately. However, what is definitely happening is that fear about the application is leading internet users into danger.

Rather like the “Error Check System” application which raised concerns on Facebook in February, online rumours about Fan Check’s secret agenda are causing thousands of people to turn to the internet for further information, leading them straight into a trap set up by cybercriminals.

If you’re a regular user of Facebook, be sure to join the Sophos page on Facebook to be kept informed of the latest security threats.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
