bill-swift - March 31, 2012
The popularity of Facebook is one of the reasons why hackers and cybercriminals continue to launch attacks against its users. Most of these scams take advantage of human curiosity, where a single click might lead to the account getting compromised, like the Facebook Fake Rollercoaster Accident scam and the "Do You Remember this Photo?" scam.
These types of scams are becoming easier to spot, though, so hackers have moved on to a more clever strategy: inserting their malicious code into seemingly legitimate Google Chrome extensions. The worst part is that most users would automatically trust these browser add-ons, since they're actually hosted on Google's official Chrome web store.
Cybercriminals are advertising these extensions as being able to do a implement a whole bunch of customizations that are obviously not possible on the social network, like "Change the color of your profile" or "Discover who visited your profile" or "Learn how to remove the virus from your Facebook profile."
The hackers will gain full control of your Facebook account once the compromised extensions have been installed. Your account will then be used to post spammy links and messages to try to convince your friends to download it as well. The rogue extensions have since been taken down after they were reported to Google.
"We reported this malicious extension to Google and they removed it quickly. But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game. Be careful when using Facebook. And think twice before installing a Google Chrome extension."
-- Fabio Assolini, Kaspersky Lab Expert
Aside from that, these malicious extensions also come in the form of well-known add-ons like Adobe's Flash Player. The attacks were said to have mostly affected Portuguese-speaking Chrome and Facebook users, since the extensions themselves were written in Portuguese. It won't be long before these scams are translated and ported over to the United States, though, so it's best to avoid installing extensions of any sort--for your privacy's sake.
Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices