Facebook users targeted with account-hijacking Chrome extensions

With the steady rise in popularity of both Facebook and Google’s Chrome browser, cyber scammers have turned to targeting users of both.

According to Kaspersky Lab expert Fabio Assolini, Facebook users are constantly offered new “features” such as the possibility to change the color of their profile, to see who visited their profile and even to learn how to remove social media viruses:

To do that, they must follow a series of steps, which include installing a fake Adobe Flash Player Chrome extension.

While this trick is not new, this is the first time that the offered malicious extensions are hosted on the official Google’s Chrome Web Store.

The extensions in question allow scammers to gain complete control of the victim’s profile, and this allows them to use it to spread spam, “Like” specific pages and invite other users to download the same extension(s). The first two services are then offered – for a fee, of course – to companies that want to promote their profiles, gain more fans and visibility on Facebook.

“We reported this malicious extension to Google and they removed it quickly,” says the expert. “But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game.”