Chrome, Firefox users targeted with account-hijacking plugins

Hijacked social networking accounts can be monetized in a number of ways, so cyber crooks are always thinking up new ways of doing so, preferably without the user noticing.

Trend Micro researchers have recently spotted a new campaign aimed at Facebook who are also users of Chrome and / or Firefox.

The lure is a link which apparently points to a video of a young woman committing suicide, and is delivered via Facebook posts. Users that can’t resist this macabre inducement and follow the link are asked to download and install a fake video player update in order to view the video.

Unfortunately for them, the file is malicious and it’s goal is to install a Chrome of Firefox browser plugin – depending on which browser is in use.

The plugins continue to masquerade as browser “service packs” or as an “F-Secure Security Pack”:

But what they actually do is download a configuration file from a remote server, which allows and instructs the plugins to hijack the user’s social media accounts on Facebook, Google+, and Twitter, and post updates, like pages, share and comment posts, join a group, invite others to it, chat with friends, and so on.

Interestingly enough, the offered malware is digitally signed. “It is not yet clear if this signature was fraudulently issued, or a valid organization had their signing key compromised and used for this type of purpose,” notes researcher Don Ladores, but this can be enough for some users to be convinced of the legitimacy of the plugins.

Users are advised to exercise extreme caution when clicking on random links, especially when they incite such interest in them. Those who have fallen for the trick are advised to remove the plugins from the browser (via the Settings or Preferences menu) and to change the passwords on their social networking accounts.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss