It’s so bad that users download Non to their Android devices due to fake apps on Google Play. They are now more worried when browsing apps listed in the Google Web Store Chrome. Unsurprisingly, the industry is trying to move to pure HTML5 – it doesn’t seem safe to download and install again.
Kaspersky Lab reports that cybercriminals are uploading inappropriate browser extensions to the Chrome Web Store, which will hijack the end user’s Facebook account. These extensions claim to allow the user to change the color of their profile pages, remove social media viruses, track profile visitors, and more. But instead, they entrust full control of Facebook accounts to owners, which can be used to heal friends and family, and links to legitimate and fake web pages.
In a blog post published on Friday, Kaspersky Lab expert Fabio Assolini said he saw an increase in Facebook fraudulent activities using Chrome add-ons. The current “tragedy” is in Brazil, where Chrome has become one of the most popular web browsers, and Facebook has become a popular social network, dropping Orkut.
The blog focuses on a Chrome extension that pretends to remove viruses from Facebook accounts. It starts as a Facebook page that describes how to remove the virus. Click on the link, and users will be taken directly to the Google Web Store extension. The point is that the lousy extension offers itself as “Adobe Flash Player. And” V184.108.40.206. Once installed, the malware takes full control of the Facebook profile by downloading the document file.
“The document file contains orders to send orders to the victim’s Facebook profile, such as spreading bad messages, inviting more users to install the fake extension,” Azzolini said. “The document also contains commands to use the victim’s profile to” like “other pages.”
So, sending spam emails to friends and family isn’t the same, but who cares if your stolen account starts “connecting” to other pages, right? There is more than just the click of a regular button.
“They have complete control over the victim’s profile, so they created a service to sell ‘likes’ on Facebook, especially companies that want to promote their profile, get more fans and become famous,” he explains. “The sale ‘likes’ uses the victim’s profile.”
Called Trojan.JS.Agent. Box, Kaspersky, first discovered the wrong extension on March 6 when split into such an attack. Many victims remained in Brazil and Portugal, but a few people fell for the expansion here in America before Google pulled malware from its Chrome web store.
“We found the bad guys behind this bad plan to download new extensions from time to time, in the game of cats and rats,” he said, what is happening now with Facebook’s new attack. “Be careful when using Facebook. And think twice before installing the Google Chrome extension.”