According to Kaspersky Lab expert Fabio Assolini, Facebook users are constantly offered new "features" such as the possibility to change the color of their profile, to see who visited their profile and even to learn how to remove social media viruses.
To do that, they must follow a series of steps, which include installing a fake Adobe Flash Player Chrome extension.
While this trick is not new, this is the first time that the malicious extensions on offer are hosted on Google's official Chrome Web Store.
The extensions in question give scammers complete control of the victim's profile, which they then use to spread spam, "Like" specific pages and invite other users to download the same extension(s). The first two services are then offered - for a fee, of course - to companies that want to promote their profiles, gain more fans and visibility on Facebook.
"We reported this malicious extension to Google and they removed it quickly," says the expert. "But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game."