Cybercriminals
are uploading malicious Chrome browser extensions to the official
Chrome Web Store and use them to hijack Facebook accounts, according to
security researchers from Kaspersky Lab. The rogue extensions are
advertised on Facebook by scammers and claim to allow changing the color
of profile pages, tracking profile visitors or even removing social
media viruses.
“This
last one caught our attention not because it asks the user to install a
malicious extension, but because the malicious extension is hosted at
the official Google's Chrome Web Store. If the user clicks on ‘install
application’ he will be redirected to the official store. The malicious
extension presents itself as “Adobe Flash Player”, wrote Fabio Assolini. "Be careful when using Facebook. And think twice before installing a Google Chrome extension," he adds.
Uploading multiple rogue
extensions on the Chrome Web Store and running several Facebook spam
campaigns to advertise them allows attackers to quickly compromise
thousands of accounts. The malware operates in much the same way as
other Facebook scams, such as inviting friends to install it, however
the purpose of the highjacking accounts is to generate fraudulent
"Likes" which are sold for about US$27 per 1,000.
Now, the extension Assolini
found was concentrated in Brazil, where Chrome enjoys 45% of the browser
market and Facebook is by far the most popular social network. That
does not, however, mean that the problem is isolated to Brazil. The
malicious extension was installed in numerous countries, including the
U.S. With these potential security risks in mind, "Think twice before installing a Google Chrome extension".
0 comments:
Post a Comment