Rogue Chrome extension hijacks Facebook accounts
Posted on 21.02.2013
Chrome users, beware of an extension by the name of "Business Flash Player".

According to Bitdefender senior e-threat analyst Bogdan Botezatu, the link to download it comes embedded in spam that hits the victims' inbox, and takes them to the Chrome Web Store page where it is offered.

The extension is capable of doing many things, and they are all bad.

It can monitor the victims' online activity, and when it detects that they are logged into Facebook (by checking the cookies), it fetches various JavaScripts through which the cyber crooks behind this campaign can make the victims' account do pretty much anything they want.

They typically use it to "Like" pages on the victims' behalf, post malicious links to other phishing campaigns, and send spammy messages to their friends.

Botezatu shared with PCWorld that some of these pages that the compromised accounts "like" have over 40,000 likes, despite the fact that they hold no content.

These pages then get sold on underground forums in Russia - for as much as $200 for a page with 100,000 likes - to people looking for a handy platform for pushing things like counterfeit goods onto unsuspecting users.

When they buy the page, they simply change the name and content to match the name of a popular and pricy brand.

The rogue extension is also capable of stealing Facebook cookies and use them to directly hijack the users' account.

Botezatu warns that AV software is unlikely to detect the extension as a rogue, unless it uses web filters.

The rogue extension has already been removed from the Chrome Web Store, but if you believe that you have fallen for this or a similar scheme, I suggest you first log out of Facebook, then manually remove the rogue plugin from your browser.

Next, log into Facebook again and change your password. Then proceed to clear your account: "unlike" pages that you know you haven't "liked" on purpose, go through your Timeline and remove messages you haven't posted yourself, and check whether the extension managed to send messages to your friends on your behalf - if it did, notify them about it.









Spotlight

People will do anything for free Wi-Fi

Posted on 30 September 2014.  |  A new Wi-Fi investigation conducted on the streets of London shows that consumers carelessly use public Wi-Fi without regard for their personal privacy.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //