So far, the scam is limited to French users, who have complained about malicious spam landing in their private message inboxes, purporting to be from network contacts.

Once recipients see the message from a contact, who may have been compromised by this same social engineering tactic, and click the link, they receive a notification asking them to install a Chrome browser extension, which is actually the Eko malware. Affected user accounts then send similar messages to all their Facebook Messenger contacts.

Facebook said that it is mitigating this threat, and the Interior Ministry in France has already warned contacts on Facebook about Eko. Affected users are advised to uninstall the extension and change their passwords, specifically on Facebook and other protected accounts they may have accessed.