Scammers are spreading JavaScript malware disguised as a Facebook comment tag notification.
A user will receive a notification in their app and/or in their email about a friend tagging them in a comment and, upon clicking the link, malware is downloaded to their device, according to Hackread.
Just downloading the file won't infect the device, but users could unknowingly infect their device by then clicking on the newly downloaded file, the publication said.
Currently the malware is only targeting Chrome and one analyst on the network question and answer site Stack Exchange said the file is a typical obfuscated JavaScript malware, which targets the Windows Script Host to download the rest of the payload.
“In this case, it downloads what appears to be mainly a Chrome Extension (manifest.json and bg.js), the autoit Windows executable, and some autoit scripts which likely include some form of ransomware,” he said.