Malicious browser extensions are hijacking Facebook accounts

By | May 14, 2013

Source: Help Net Security

sec41“Facebook users – especially those in Brazil – are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.

So far, only Chrome and Firefox extensions have been spotted.

Once installed, they try to update themselves, and they pick up a configuration file containing a list of commands (“Like” a page, Share, Post, Join a group, Invite friend to a group, Chat to Friends, Comment on a post”) from another website.

Once the user is logged into Facebook, the extension springs into action, and first posts a message with a link that supposedly takes other potential victims to a website offering a video, but probably asks them to install the extension masquerading as a “YouTube Player” or and update for Flash Player.” Read more here.

Leave a Reply