No, the warnings about the 'Mexico did it' virus aren’t legitimate

Several VERIFY viewers asked about Facebook posts that claim an image is going to be shared that will put a virus on your phone. There’s no evidence this exists.

Several readers emailed and texted VERIFY asking about a Facebook post that warns people of a possible virus embedded in an image file that could infiltrate your phone. The Facebook warning claims an image file with the name “Mexico did it” is going to be shared online. The full text of the chain message reads: 

“URGENT ALERT- WARNING ‘They’ are going to publish an image that shows how Covid 19 is cured in Mexico and it is called ‘Mexico did it’, do not open it because it enters the phone in 5 seconds and it cannot be stopped in any way. IT IS A VIRUS. Pass it on to your friends and family. Now they also said it on CNN and BBC. DO NOT OPEN IT.”

VERIFY found several examples of the warning shared across Facebook.

THE QUESTION

Are the warnings about the “Mexico did it” virus legitimate?

THE SOURCES

  • Gianluca Stringhini, an associate professor in the Department of Electrical and Computer Engineering at Boston University
  • Cybersecurity company Fortra
  • Review of Facebook posts with similar text
  • Review of CNN and BBC reports and social media
  • CNN spokesperson Lauren Cone

THE ANSWER

This is false.

No, the warnings about the “Mexico did it” virus aren’t legitimate. These posts date back to at least 2021 and VERIFY was unable to find any reports indicating that the specific virus ever existed.

WHAT WE FOUND 

While investigating these claims, VERIFY found that although phones can be infected with images containing a virus, there is no evidence this specific virus has ever existed. This type of Facebook post has been shared for years in different forms, and CNN confirmed it never reported on the virus, contrary to what the post claims.

These types of Facebook posts are known as copypasta memes or posts, which is internet slang for a block of text that gets copied and pasted repeatedly. VERIFY found this particular post has been shared online for years. One of the earliest instances VERIFY found was posted on July 21, 2021. 

“Posts like this have been happening since the inception of social media. In most cases people share them thinking that they are legitimate,” Gianluca Stringhini, an associate professor in the Department of Electrical and Computer Engineering at Boston University, told VERIFY. He added that copypasta posts are of the “too crazy to be true” kind, encouraging users to click on them and re-share them, even if they aren’t legitimate. 

VERIFY looked through CNN and BBC’s websites and social media accounts and found no evidence that either news agency has ever reported about the claims seen in the viral Facebook posts. 

In an email to VERIFY, CNN spokesperson Lauren Cone confirmed there have never been any reports about this malware. VERIFY reached out to the BBC and did not hear back at the time of publishing.

These Facebook posts have also been fact-checked before. In 2021, fact-checking organizations Snopes and Maldita debunked the claims. USA TODAY published a fact-check about these posts on Sept. 19, also finding them to be false.

In principle, it is possible to infect a phone with malware by sharing a photo, and this has happened very recently, Stringhini told VERIFY. In early September, a Washington, D.C.-based firm was hit with an attack where people’s iPhones were infected with spyware contained inside images.

This type of attack was known as a “zero-click attack,” according to cybersecurity company Fortra. 

“That's an attack that doesn't require any interaction from the user. Oftentimes a malicious hacker requires a user to open an attached file, or visit a dangerous web link, in order to activate an attack. With a zero-click attack, the user doesn't have to do anything,” Fortra says.

In the September attack, attachments containing images were sent from an attacker's iMessage account to their intended victim. Full details have not yet been released, but iPhones running iOS 16.6 were vulnerable to “the boobytrapped images,” Fortra said.

But Stringhini told VERIFY these types of attacks are “quite rare” and are typically high-profile attacks that are “unlikely to be unleashed on regular users.”

After VERIFY investigated the validity of the claim seen in the viral posts, we looked for other instances of this specific post being shared online. We searched for different keywords contained in the post – specifically the words “and it cannot be stopped in any way.”

That led us to several other posts that are similar in nature – claiming that a file is being shared that would infect a phone. But the details about the file and the location are different.

“I was asked to pass this on… They are going to start circulating a video on WhatsApp that shows how the Covid19 curve is flattening in Argentina. The file is called "Argentina is doing it", DO NOT OPEN it or see it, it hacks your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. CNN has confirmed this,” a Facebook post from 2020 says.

In 2021, The Independent, a British online magazine, wrote about the “Argentina is doing it” posts, saying it’s a hoax message that was also spread on WhatsApp.

VERIFY found another post that has nearly identical language, but this time the location was India and the claim said a video would be shared, not an image file.

“They are going to start circulating a video on WhatsApp that shows how the Covid19 curve is flattening in India. The file is called ‘India is doing it’, do not open it or see it, it hacks your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. Information about this also on TV news,” the posts say.

In 2020, Indonesian fact-checking website Kompas published an article about these claims, calling it a hoax.

Another series of posts say photos are being shared on messaging app WhatsApp of the Moroccan earthquake that contain a virus. A magnitude 6.8 earthquake struck Morocco on Friday, Sept. 8.

“FYI URGENT notice, please pass this on…. A SOURCE just received this from Sgt.Victor Milian from Miami Dade PD from the RDSTF-Fusion Center. They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don't open it or see it, it will hack your phone in 10 seconds and it can not be stopped in any way. Pass the information on to your family and friends,” the post says.  

So, we can VERIFY these aren’t credible threats or warnings. Experts say if you receive an unsolicited message, be wary of downloading any attachments. 
