Cybercriminals hijack Facebook accounts with rogue Chrome extensions

Photo credit: Pan Xunbin/
Photo credit: Pan Xunbin/

Malicious browser add-ons and extensions are not new, but putting them in the official Chrome Web Store is making it easier for cybercriminals to pass them off as legitimate Chrome extensions.

Scammers typically place ads on Facebook claiming the malicious extensions will enable users to do things like change the color of their profile or discover who visited their profile.

Once installed, however, the extensions give cybercriminals control over the user's Facebook account, enabling them to use it to spam all contacts with malware.

The malware also automatically "likes" certain Facebook pages as part of a pay-per-like scheme set up by the cybercriminals to generate revenue.

Google has removed malicious extensions reported by security firm Kaspersky Lab, but the firm's security researcher Fabio Assolini said malicious extensions are uploaded by criminals regularly.

Kaspersky Labs discovered the scams in Brazil. Most are written in Portuguese, but security researchers say it would be easy to translate them into other languages.

Assolini said the reason the scam surfaced in Brazil is that Google Chrome has been the most popular browser there since November 2011 and Facebook is the most popular social network.

"These two facts are enough to motivate Brazil’s bad guys to turn their attentions to both platforms," he wrote.

Assolini advises caution when using Facebook. "And think twice before installing a Google Chrome extension," he said.

This story was first published by Computer Weekly

What’s hot on Infosecurity Magazine?