Malicious Chrome Extensions Targeting Facebook

Researchers from Kaspersky Lab have found examples of malicious Chrome applications targeting Facebook users in Brazil. The attack use several methods to entice users to install the malware, and despite Google’s best efforts, the criminals behind the attack keep getting new variants into the Chrome Web Store.

Kaspersky says that from what they’ve observed, the attack is likely motivated by the numbers game, because in Brazil Chrome is the most popular browser, and Facebook is the number one social networking platform. The attacks are spreading via malicious extensions, some of them hosted in the Chrome Web Store.

So far, applications related to changing the color of a user’s profile, monitoring who is viewing their profile, and learning “how to remove the virus from your Facebook profile” are just some of the themes used in what Kaspersky calls a massive attack.

“The malicious extension presents itself as Adobe Flash Player,” Kaspersky’s Fabio Assolini explained in a blog post. “After installation, the malicious extension can gain complete control of the victim’s profile…”

The script file allows complete control over the victim’s Facebook profile, leading to malicious wall posts and forced Likes. The Likes appear to be the main goal of the attack, as the criminals behind it are selling them to companies looking to boost brand awareness.