BitDefender reports that a Google Chrome app will steal info from users and create numerous blogs using their Gmail address.
Security firm BitDefender is warning Google Chrome users to steer away from an app that promises to change the color of Facebook accounts. Thing is, the company doesn't identify the app by name, so Chrome users may want to steer clear of all apps that promise to change Facebook's background.
According to the firm, the unnamed app displays a large Google Ads banner once the it's installed from Google's Chrome Web Store. This ad promotes a "work from home" scheme that offers the user loads of cash while working in their pajamas. A "sign up" link is even provided for those interested in a new career of couch-based employment.
However, this link leads to a malicious website that grabs credentials and other sensitive data from Google Chrome. This data is then used to create dozens of blogs registered to the victim's' Gmail address. These blogs are used to further disseminate the scam, BitDefender said
"Scammers gave a new twist to the old change-your-Facebook-color scheme that's been luring users to fraudulent websites to grab credentials and other sensitive data," said Catalin Cosoi, chief security strategist, Bitdefender. "By creating dozens of blogs for a single account, the scam spreads like wildfire among Facebook friends."
The scam has gotten so big, it's generated a huge number of hits in the United States, the United Kingdom, Germany, Spain, Romania, and other countries. And it doesn't just create blogs – the sinister Chrome app will also post wall messages on the victim's' Facebook account.
"The messages use friend tagging to convince the victim's friends to visit the blog domains. Each time the app posts on a users' timeline, it links to one of the auto-generated blogs to avoid blacklisting," the company said on Friday.
Naturally BitDefender is encouraging users to install an antivirus solution, and to use the free Safego application which protects Facebook and Twitter accounts from scams, spam, malware and private data exposure. But what's really unfortunate is that apps like this even make it into the Chrome Web Store in the first place.
Two weeks ago, my laptop acted funny until AVG Free detected two java exploits.
It later turned out my school's website was hacked.
No software is ever secure. At least Google is trying, unlike...
-MS with their IE6 (still commonly used)
-Apple and its iOS (remember the malware incidents?)
-Citibank losing 200,000 accounts to a URL exploit (Change the URL's last few numbers, enter into a random account. Now toss in a random number generator and hilarity ensues: http://consumerist.com/2011/06/14/how-hackers-stole-200000-citi-accounts-by-exploiting-basic-browser-vulnerability/ )
Not sure if trolling or just stupid.
This is not a security hole in Chrome, it's a malicious app that people are downloading. If Google were to audit these apps, it would become like Apple and its iStuff, which is a loss for everybody. The point is that you can always install any app you want, and are not restricted to only ones approved by some company. Freedom has its costs. If you aren't intelligent enough for freedom, buy a Mac.