News

Cyber criminals hijack Facebook accounts with rogue Chrome extensions

Warwick Ashford

Cyber criminals are planting malicious Google Chrome extensions that hijack Facebook accounts in the official Chrome Web Store.

Malicious browser add-ons and extensions are not new, but putting them in the official Chrome Web Store is making it easier for cyber criminals to pass them off as legitimate Chrome extensions.

Scammers typically place ads on Facebook claiming the malicious extensions will enable users to do things like change the colour of their profile or discover who visited their profile.

Once installed, however, the extensions give cyber criminals control over the user's Facebook account, enabling them to use it to spam all contacts with malware.

The malware also automatically "likes" certain Facebook pages as part of a pay-per-like scheme set up by the cyber criminals to generate revenue.

Google has removed malicious extensions reported by security firm Kaspersky Lab, but the firm's security researcher Fabio Assolini said malicious extensions are uploaded by criminals regularly.

Kaspersky Labs discovered the scams in Brazil. Most are written in Portuguese, but security researchers say it would be easy to translate them into other languages.

Assolini said the reason the scam surfaced in Brazil is that Google Chrome has been the most popular browser there since November 2011 and Facebook is the most popular social network.

"These two facts are enough to motivate Brazil’s bad guys to turn their attentions to both platforms," he wrote.

Assolini advises caution when using Facebook. "And think twice before installing a Google Chrome extension," he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy