Hackers Loading Fake Facebook Apps in Chrome Web Store

It's bad enough that consumers are downloading malware to their Android devices thanks to fake apps on Google Play. Now they have even more to worry about when browsing through the apps listed in Google's Chrome Web Store. It's no wonder the industry is trying to shift over to pure HTML5 -- it just doesn't seem safe to download and install anything anymore.

Kaspersky Lab reports that cybercriminals are uploading malicious Chrome browser extensions to the Chrome Web Store that will hijack the end-user's Facebook account. These extensions claim to allow the user to change the color of their profile pages, remove social media viruses, track profile visitors and more. But instead they hand over complete control of the Facebook account to hackers which in turn can be used to spam friends and family with links to legit-looking web pages with malware lurking under the surface.

In a blog posted on Friday, Kaspersky Lab expert Fabio Assolini said he has observed an increase in the number of Facebook scams using malicious Chrome extensions. The current "epidemic" originates in Brazil where Chrome has become one of the most popular web browsers, and where Facebook has become to most popular social network, toppling Orkut.

The blog focuses on the Chrome extension which pretends to remove viruses from Facebook accounts. It starts as a Facebook page detailing how to remove a virus. Click on the link, and users go straight to an extension located on Google's Chrome Web Store. Thing is, the malicious extension presents itself as "Adobe Flash Player." v12.1.102.55. Once installed, the malware gains complete control of the Facebook profile by downloading a script file.

"The script file has instructions to send commands to the victim’s Facebook profile, such as spreading a malicious message, inviting more users to install the fake extension," Assolini said. "The script also has commands to use the profile of the victim to 'Like' some pages."

Ok, so sending spam to friends and family isn't exactly ideal, but who cares if your hijacked account starts "linking" other pages, right? There's more to it than a simply press of a virtual button.

"They have total control of the victim’s profile, so they created a service to sell 'Likes' on Facebook, especially focused for companies that want to promote their profiles, gaining more fans and visibility," he explains. "Of course, to sell the 'Likes' they use the profile of the victims."

Called Trojan.JS.Agent.bxo, Kaspersky first detected the malicious extension back on March 6 when it was distributed in a similar attack. Most of the victims resided in Brazil and Portugal, but there were a handful that fell prey to the extension here in the States before Google pulled the malware from its Chrome Web Store.

"We noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game," he said which apparently is what is happening now with the new Facebook-focused attack. "Be careful when using Facebook. And think twice before installing a Google Chrome extension."

TOPICS

Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then, he’s loved all things PC-related and cool gadgets ranging from the New Nintendo 3DS to Android tablets. He is currently a contributor at Digital Trends, writing about everything from computers to how-to content on Windows and Macs to reviews of the latest laptops from HP, Dell, Lenovo, and more. 

  • maga
    never heard of "Chrome Web Store'' !!
    Reply
  • agnickolov
    It's no wonder the industry is trying to shift over to pure HTML5 -- it just doesn't seem safe to download and install anything anymore.
    In reality, HTML5 would make it even easier to do all those things to a site like Facebook...
    Reply
  • irish_adam
    people are stupid, i wouldnt install an extension or even apps to my phone if it didnt at least have a couple of thousand comments i could read though to make sure it worked and just did as it was meant to
    Reply
  • john15v16
    It's no wonder the industry is trying to shift over to pure HTML5

    Seriously, does the writer of this article have any grasp or understanding of HTML5 (or just plain web) technology?

    As agnickolov said
    In reality, HTML5 would make it even easier to do all those things to a site like Facebook...


    Very true..
    Reply
  • bigdragon
    I love Google's open store concept, but the problem this article speaks to is huge. There is a ton of crap in the Chrome Web Store. Just run a search for Angry Birds. Dozens of illegitimate extensions will show up right along with the one that is legitimate. Something should be done. I think Google should create some sort of verified status to highlight known safe and legitimate extensions and apps. I think that would help without breaking the open nature of the store.
    Reply
  • nurgletheunclean
    If Firefox can do a virus scan on every downloaded file you would think Google marketplace/Play store, could do something similar with uploaded apps. Seems like they could throw out anything with a mild heuristics threat detection.
    Reply