Rogue Chrome extension racks up Facebook likes

Users of Google's Chrome browser may want to steer clear of this rogue extension: it can rack up Facebook "likes" for online bandits, a tech site reported Tuesday.

 

Researchers at security vendor Bitdefender said the rogue extension is installed via a new phishing scam, according to a report on PC World.

 

Bitdefender senior e-threat analyst Bogdan Botezatu said the scam starts with a malicious link in a spam email, which leads a victim to download a "business" Flash player from the Chrome Web Store.

Monitoring browser activity  

However, the rogue extension actually monitors the victim's browser activity, then fetches a Javascript code that tells the extension what to do with the victim's account.

 

"They can run as many campaigns as they want. All they have to do is fetch a new script," Botezatu said in an interview with PC World.

 

PC World said the script can use the victim's Facebook account to "spam your friends, post malicious links on your news feed and Timeline, and automatically 'like' pages without your knowledge."

 

"They can do anything that the user can do with their Facebook account," Botezatu said.

 

Also, PC World said n attacker can also steal a victim's Facebook cookies with the malicious extension, then the crook can use the cookies to access the victim's account from another computer.

 

On the other hand, the script can instruct compromised accounts to "like" specific pages.

 

"Once such page discovered by Bitdefender had more than 40,000 likes, although the page was devoid of content," PC World said.

 

Such "likes" racks up the pages' resale value on the Dark Net as they become more visible to Facebook users.

 

"On underground forums in Russia, a page with 100,000 likes sells for about $150,000 to $200,000," Botezatu said.

 

Also, a byte bandit who buys a page can rebrand it. Botezatu said they can make the page "look as if it's affiliated with a well-known brand."

 

Malicious links can also be posted to the page so all visitors who like the page will display those links on their own Facebook pages, he added.

 

Evading antivirus

 

Botezatu said an antivirus program may not be likely to detect such an infection unless the program also includes web filters.

 

"This kind of threat can persist in a browser for quite a long time," he said. — TJD, GMA News