Facebook ‘Like’ Scam Driven by Malicious Chrome Extension

A Kaspersky Lab researcher has discovered a Brazilian social engineering campaign that attempts to trick Facebook users into installing a malicious plug-in hosted on Google’s Chrome Web Store.

The Facebook scam page solicits victims by promising to teach them how to “remove the virus from their Facebook profile.” The application has 923 users, according to a Securelist post by researcher Fabio Assolini.

Users are asked (in Portuguese) to “1) Click on install app, 2) click on allow or continue, and, 3) click on install now.” Users who decide to click “Install aplicativo” are redirected to the legitimate Chrome Web Store, where a malicious extension masquerades as Adobe Flash Player, Assolini wrote.

Once the extension is installed, it has complete control of a user’s profile. It then sends messages to that user’s ‘Friends,’ encouraging them to install the malicious extension themselves. The app also sends out commands that make its victims’ profiles ‘Like’ certain pages. This is the point: the scammers have created a service selling ‘Likes’ to companies trying to promote their profiles on Facebook.

The scam has been reported to Google, but Assolini notes that the scam’s administrators are well aware of such reports and upload new extensions regularly.

This isn’t the first time that malicious applications have turned up in one of Google’s online marketplaces. There were numerous outbreaks of DroidDream, a Trojan horse program for the Android phone, and other kinds of malware, including so-called SMS Trojans, have been spotted on the Android Marketplace in the last year and removed by Google. 

You can read the entire Securelist report here.

This isn’t the first time that one of Google’s online marketplaces was found to have been infiltrated by malicious code. In December, Google was forced to remove a number of applications from its Android Market after they were discovered to be acting as SMS Trojans, which send text messages to premium numbers. That followed a number of outbreaks earlier in 2011 of malicious applications within the Marketplace. They include more than one outbreak of the DroidDream Trojan horse application and the Plankton malicious application for Android mobile phones.
