Malicious Chrome Extension Harvests Users’ Accounts for Facebook ‘Likes’

Investigators from BitDefender the security company claim that there's one fresh phishing e-mail campaign, which plants one malevolent extension inside Chrome, when Web-surfers run the Google browser so cyber-criminals can cash in on Facebook 'likes.'

The attack reportedly starts when spammers send an unsolicited e-mail having one malevolent web-link, states Senior E-Threat Analyst Bogdan Botezatu of BitDefender. The web-link takes end-users onto the Chrome browser and makes them take down an extension with which one alleged commercial Flash player can be obtained presuming they're duped into following the spam web-links. Pcworld.com published this dated February 18, 2013.

Unfortunately, soon as the commercial edition of Flash gets pulled down, it intercepts the user's browser operations. If the user accesses the Facebook website through Google's Chrome, the malicious item examines his browser cookies for determining whether he's on Facebook. In case he is, it'll bring in a JavaScript, which instructs the extension so the latter can manipulate the user's account.

Botezatu states that the scammers can launch any number of campaigns only they've to get one fresh script each time.

Like always, they employ the script so the victims appear as 'liking' web-pages; embed malevolent web-links on more phishing e-mails; as well as dispatch spam mails to victims' pals.

Meanwhile, according to Botezatu, a few 'like' web-pages from the total, which the hijacked A/Cs show 'liking' to, consist of 40,000-or-more 'likes,' even though there's no content inside them. Help Net Security published this dated February 21, 2013.

The said web-pages subsequently are sold on Russian illegitimate sites at a price of $200/web-page having 100,000 'likes.' The buyers here are typically those seeking a convenient forum to thrust fake products onto gullible Internauts.

And whilst the purchase is made, the name as well as content are altered for matching them with some well-known as also costly brand. This kind of scam, says BitDefender, fetches a pretty good business for its perpetrators.

Conclusively as per Botezatu, while the threat can linger inside the browser over an elongated time-period, only that anti-virus can spot the infection which has web-filters inside it, reports gmanetwork.com dated February 21, 2013.

Related article: Malicious JavaScript Strikes Getting Smarter

» SPAMfighter News - 2/27/2013