Bogus Chrome, Firefox extensions pilfer social media accounts

The extensions carry what could be a stolen digital signature, according to Trend Micro
  • (IDG News Service)
  • — 31 July, 2013 03:11

Trend Micro has found two malicious browser extensions that hijack Twitter, Facebook and Google+ accounts.

The attackers plant links on social media sites that, if clicked, implore users to install a video player update. It is a common method hackers use to bait people into downloading malicious software.

The bogus video player update lures people in a macabre manner: it says it leads to a video of a young woman committing suicide, according to Trend's description.

The video player update carries a cryptographic signature that is used to verify that an application came from a certain developer and has not been modified, wrote Don Ladores, a threat response engineer, with Trend.

"It is not yet clear if this signature was fraudulently issued, or a valid organization had their signing key compromised and used for this type of purpose," he wrote.

Hackers often try to steal legitimate digital certificates from other developers in an attempt to make their malware look less suspicious.

If the video update is executed, the malware then installs a bogus Firefox or Chrome extension depending on which browser the victim uses.

The malicious plugins try to appear legitimate, bearing the names Chrome Service Pack 5.0.0 and the Mozilla Service Pack 5.0. Ladores wrote that Google now blocks the extension that uses its name. Another variation of the extension claims it is the F-Secure Security Pack 6.1.0, a fake product from the Finnish security vendor.

The plugins connect to another website and download a configuration file, which allow them to steal the login credentials from a victim's social networking accounts such as Facebook, Google+, and Twitter. The attackers can then perform a variety of actions, such as like pages, share posts, update statuses and post comments, Ladores wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Topics: Google, security, trend micro, f-secure, mozilla
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?