Sign in with
Sign up | Sign in

Report: Chrome App Steals Identities, Then Creates Blogs

By - Source: BitDefender | B 13 comments

BitDefender reports that a Google Chrome app will steal info from users and create numerous blogs using their Gmail address.

Security firm BitDefender is warning Google Chrome users to steer away from an app that promises to change the color of Facebook accounts. Thing is, the company doesn't identify the app by name, so Chrome users may want to steer clear of all apps that promise to change Facebook's background.

According to the firm, the unnamed app displays a large Google Ads banner once the it's installed from Google's Chrome Web Store. This ad promotes a "work from home" scheme that offers the user loads of cash while working in their pajamas. A "sign up" link is even provided for those interested in a new career of couch-based employment.

However, this link leads to a malicious website that grabs credentials and other sensitive data from Google Chrome. This data is then used to create dozens of blogs registered to the victim's' Gmail address. These blogs are used to further disseminate the scam, BitDefender said

"Scammers gave a new twist to the old change-your-Facebook-color scheme that's been luring users to fraudulent websites to grab credentials and other sensitive data," said Catalin Cosoi, chief security strategist, Bitdefender. "By creating dozens of blogs for a single account, the scam spreads like wildfire among Facebook friends."

The scam has gotten so big, it's generated a huge number of hits in the United States, the United Kingdom, Germany, Spain, Romania, and other countries. And it doesn't just create blogs – the sinister Chrome app will also post wall messages on the victim's' Facebook account.

"The messages use friend tagging to convince the victim's friends to visit the blog domains. Each time the app posts on a users' timeline, it links to one of the auto-generated blogs to avoid blacklisting," the company said on Friday.

Naturally BitDefender is encouraging users to install an antivirus solution, and to use the free Safego application which protects Facebook and Twitter accounts from scams, spam, malware and private data exposure. But what's really unfortunate is that apps like this even make it into the Chrome Web Store in the first place.

Contact Us for News Tips, Corrections and Feedback

Discuss
Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 12 Hide
    Anonymous , November 17, 2012 7:26 PM
    "the company doesn't identify the app by name". Just buy BitDefender. We'll protect you.
  • 11 Hide
    john15v16 , November 17, 2012 7:14 PM
    All should steer clear of facebook anyway..
Other Comments
  • 3 Hide
    eddieroolz , November 17, 2012 6:06 PM
    Google seriously needs to tackle the security breaches on their platform.
  • Display all 13 comments.
  • 7 Hide
    otacon72 , November 17, 2012 6:10 PM
    Google might want to oh I don't know patrol it's stores and market places for malware. Pretty sad actually.
  • 1 Hide
    killerclick , November 17, 2012 6:29 PM
    Apps... why not simply not use apps?
  • -1 Hide
    xpeh , November 17, 2012 6:37 PM
    I never use Facebook, nor have I installed any apps. My Chrome's javascript randomly stopped working. I decided to check my addons and found the Malicious app installed, but I didn't install it from the store.
  • 11 Hide
    john15v16 , November 17, 2012 7:14 PM
    All should steer clear of facebook anyway..
  • 12 Hide
    Anonymous , November 17, 2012 7:26 PM
    "the company doesn't identify the app by name". Just buy BitDefender. We'll protect you.
  • 2 Hide
    A Bad Day , November 17, 2012 7:42 PM
    xpehI never use Facebook, nor have I installed any apps. My Chrome's javascript randomly stopped working. I decided to check my addons and found the Malicious app installed, but I didn't install it from the store.


    Two weeks ago, my laptop acted funny until AVG Free detected two java exploits.

    It later turned out my school's website was hacked.
  • 3 Hide
    nebun , November 17, 2012 8:14 PM
    so much for chrome being the safest browser.....FAIL
  • 2 Hide
    A Bad Day , November 17, 2012 8:55 PM
    nebunso much for chrome being the safest browser.....FAIL


    No software is ever secure. At least Google is trying, unlike...

    -MS with their IE6 (still commonly used)

    -Apple and its iOS (remember the malware incidents?)

    -Citibank losing 200,000 accounts to a URL exploit (Change the URL's last few numbers, enter into a random account. Now toss in a random number generator and hilarity ensues: http://consumerist.com/2011/06/14/how-hackers-stole-200000-citi-accounts-by-exploiting-basic-browser-vulnerability/ )
  • 0 Hide
    -Jackson , November 18, 2012 2:12 AM
    Well, you can NEVER prevent stupidity, never have, and never will.
  • 0 Hide
    f-14 , November 18, 2012 4:27 PM
    don't have this problem because i don't use FaceCrap
  • 1 Hide
    chewy1963 , November 19, 2012 12:39 AM
    In the words of the great Ron White: " You can't fix stupid".
  • 1 Hide
    Anomalyx , November 19, 2012 4:55 PM
    eddieroolzGoogle seriously needs to tackle the security breaches on their platform.

    Not sure if trolling or just stupid.

    This is not a security hole in Chrome, it's a malicious app that people are downloading. If Google were to audit these apps, it would become like Apple and its iStuff, which is a loss for everybody. The point is that you can always install any app you want, and are not restricted to only ones approved by some company. Freedom has its costs. If you aren't intelligent enough for freedom, buy a Mac.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS