Facebook scammers host Trojan horse extensions on the Chrome Web Store

Rogue Chrome browser extensions have been used to gain persistent unauthorized access to Facebook accounts

Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab.

The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses, said Kaspersky Lab expert Fabio Assolini in a blog post on Friday.

Assolini has recently observed an increase in the number of Facebook scams that use malicious Chrome extensions and originate in Brazil.

Once installed in the browser, these extensions give attackers complete control over the victim's Facebook account and can be used to spam their friends or to Like pages without authorization.

In one case, a rogue extension masqueraded as Adobe Flash Player and was hosted on the official Chrome Web Store, Assolini said. By the time it was identified, it had already been installed by 923 users.

"We reported this malicious extension to Google and they removed it quickly," Assolini said. "But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game."

Uploading multiple rogue extensions on the Chrome Web Store and running several Facebook spam campaigns to advertise them allows attackers to quickly compromise thousands of accounts.

The accounts are then used to earn scammers money by Liking particular pages. The people behind these campaigns sell packages of 1, 10, 50 or 100 thousand Likes to companies who wish to gain visibility on Facebook.

The use of Trojan horse browser extensions to hijack accounts is not new, nor is the method specific to Google Chrome. However, it has several advantages over other techniques. For one, users are more likely to trust an extension distributed from the official Chrome Web Store for Chrome, or Mozilla's add-on repository for Firefox, than a clickjacking or phishing page. Few users are aware that browser extensions can intercept everything they do through the browser.

Security compromises based on rogue browser extensions are also more persistent than those based on password theft or other methods, because these extensions can piggyback on active sessions to perform unauthorized actions even if the account owners change their passwords or enable two-factor authentication.

"Think twice before installing a Google Chrome extension," Assolini said.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

12 Comments

gardening

1

Log cabins throughout the lake inside the Chicago neighborhood?

Whish

2

Excellent article. Keep writing such kind of
information on your blog. Im really impressed by your site.

Thanks for sharing your thoughts about Access control and authentication. Regards

Inda Zone

3

I have read so many posts about the blogger lovers however this piece of writing is in fact a pleasant paragraph,
keep it up.

volcom clothing

4

Good replies in return of this matter with firm arguments and telling
all about that.

spokesman

5

It's actually a cool and helpful piece of info. I am satisfied that you shared this helpful information with us. Please keep us up to date like this. Thanks for sharing.

describes it

7

I must say I liked the great post and this entire blog seems excellent.

I most certainly will be coming here for a second time
to see even more.

parfum

8

Hi there, just wanted to mention, I loved this
post. It was helpful. Keep on posting!

Wooden Garden Benches

10

Your way of describing the whole thing in this piece of
writing is in fact nice, all be able to effortlessly understand it, Thanks a lot.

alternative energy resources facts

11

Thanks for finally writing about >Facebook scammers host Trojan horse extensions on the Chrome Web Store - Access control and authentication, applications, browsers, Exploits / vulnerabilities, Facebook, Google, Identity fraud / theft, internet, Internet-based applications and services, malware, privacy, scams, security, social media, software, spyware - Good Gear Guide <Liked it!

come visit

12

Hello, I enjoy reading through your article post.

I wanted to write a little comment to support
you.

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?