
Hackers Loading Fake Facebook Apps in Chrome Web Store

Source: Kaspersky Lab

These Chrome extensions hosted by Google will take control of your Facebook account to send spam and sell "likes."

It's bad enough that consumers are downloading malware to their Android devices thanks to fake apps on Google Play. Now they have even more to worry about when browsing through the apps listed in Google's Chrome Web Store. It's no wonder the industry is trying to shift over to pure HTML5 -- it just doesn't seem safe to download and install anything anymore.

Kaspersky Lab reports that cybercriminals are uploading malicious Chrome browser extensions to the Chrome Web Store that will hijack the end-user's Facebook account. These extensions claim to allow the user to change the color of their profile pages, remove social media viruses, track profile visitors and more. But instead they hand over complete control of the Facebook account to hackers, who can then use it to spam friends and family with links to legit-looking web pages with malware lurking under the surface.

In a blog post published on Friday, Kaspersky Lab expert Fabio Assolini said he has observed an increase in the number of Facebook scams using malicious Chrome extensions. The current "epidemic" originates in Brazil, where Chrome has become one of the most popular web browsers and where Facebook has become the most popular social network, toppling Orkut.

The blog focuses on the Chrome extension which pretends to remove viruses from Facebook accounts. It starts as a Facebook page detailing how to remove a virus. Click on the link, and users go straight to an extension located on Google's Chrome Web Store. Thing is, the malicious extension presents itself as "Adobe Flash Player" v12.1.102.55. Once installed, the malware gains complete control of the Facebook profile by downloading a script file.

"The script file has instructions to send commands to the victim’s Facebook profile, such as spreading a malicious message, inviting more users to install the fake extension," Assolini said. "The script also has commands to use the profile of the victim to 'Like' some pages."

OK, so sending spam to friends and family isn't exactly ideal, but who cares if your hijacked account starts "liking" other pages, right? There's more to it than a simple press of a virtual button.

"They have total control of the victim’s profile, so they created a service to sell 'Likes' on Facebook, especially focused for companies that want to promote their profiles, gaining more fans and visibility," he explains. "Of course, to sell the 'Likes' they use the profile of the victims."

Kaspersky first detected the malicious extension, called Trojan.JS.Agent.bxo, back on March 6 when it was distributed in a similar attack. Most of the victims resided in Brazil and Portugal, but there were a handful that fell prey to the extension here in the States before Google pulled the malware from its Chrome Web Store.

"We noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game," he said, which apparently is what is happening now with the new Facebook-focused attack. "Be careful when using Facebook. And think twice before installing a Google Chrome extension."

  • -6 Hide
    maga , March 27, 2012 5:26 AM
    never heard of "Chrome Web Store" !!
  • 7 Hide
    agnickolov , March 27, 2012 5:34 AM
    Quote:
    It's no wonder the industry is trying to shift over to pure HTML5 -- it just doesn't seem safe to download and install anything anymore.

    In reality, HTML5 would make it even easier to do all those things to a site like Facebook...
  • 6 Hide
    irish_adam , March 27, 2012 6:31 AM
    people are stupid, i wouldn't install an extension or even apps to my phone if it didn't at least have a couple of thousand comments i could read through to make sure it worked and just did as it was meant to
  • 3 Hide
    john15v16 , March 27, 2012 6:38 AM
    Quote:
    It's no wonder the industry is trying to shift over to pure HTML5


    Seriously, does the writer of this article have any grasp or understanding of HTML5 (or just plain web) technology?

    As agnickolov said
    Quote:
    In reality, HTML5 would make it even easier to do all those things to a site like Facebook...


    Very true..
  • 4 Hide
    bigdragon , March 27, 2012 4:49 PM
    I love Google's open store concept, but the problem this article speaks to is huge. There is a ton of crap in the Chrome Web Store. Just run a search for Angry Birds. Dozens of illegitimate extensions will show up right along with the one that is legitimate. Something should be done. I think Google should create some sort of verified status to highlight known safe and legitimate extensions and apps. I think that would help without breaking the open nature of the store.
  • 4 Hide
    nurgletheunclean , March 27, 2012 5:30 PM
    If Firefox can do a virus scan on every downloaded file you would think Google marketplace/Play store, could do something similar with uploaded apps. Seems like they could throw out anything with a mild heuristics threat detection.