Report: Chrome App Steals Identities, Then Creates Blogs

Security firm BitDefender is warning Google Chrome users to steer away from an app that promises to change the color of Facebook accounts. Thing is, the company doesn't identify the app by name, so Chrome users may want to steer clear of all apps that promise to change Facebook's background.

According to the firm, the unnamed app displays a large Google Ads banner once the it's installed from Google's Chrome Web Store. This ad promotes a "work from home" scheme that offers the user loads of cash while working in their pajamas. A "sign up" link is even provided for those interested in a new career of couch-based employment.

However, this link leads to a malicious website that grabs credentials and other sensitive data from Google Chrome. This data is then used to create dozens of blogs registered to the victim's' Gmail address. These blogs are used to further disseminate the scam, BitDefender said

"Scammers gave a new twist to the old change-your-Facebook-color scheme that's been luring users to fraudulent websites to grab credentials and other sensitive data," said Catalin Cosoi, chief security strategist, Bitdefender. "By creating dozens of blogs for a single account, the scam spreads like wildfire among Facebook friends."

The scam has gotten so big, it's generated a huge number of hits in the United States, the United Kingdom, Germany, Spain, Romania, and other countries. And it doesn't just create blogs – the sinister Chrome app will also post wall messages on the victim's' Facebook account.

"The messages use friend tagging to convince the victim's friends to visit the blog domains. Each time the app posts on a users' timeline, it links to one of the auto-generated blogs to avoid blacklisting," the company said on Friday.

Naturally BitDefender is encouraging users to install an antivirus solution, and to use the free Safego application which protects Facebook and Twitter accounts from scams, spam, malware and private data exposure. But what's really unfortunate is that apps like this even make it into the Chrome Web Store in the first place.

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
    Your comment
    Top Comments
  • Anonymous
    "the company doesn't identify the app by name". Just buy BitDefender. We'll protect you.
  • john15v16
    All should steer clear of facebook anyway..
  • Other Comments
  • eddieroolz
    Google seriously needs to tackle the security breaches on their platform.
  • killerclick
    Apps... why not simply not use apps?
  • xpeh
    I never use Facebook, nor have I installed any apps. My Chrome's javascript randomly stopped working. I decided to check my addons and found the Malicious app installed, but I didn't install it from the store.