A piece of malware masquerading as a Facebook video is hijacking users’ Facebook accounts and Web browsers.
Posted Nov. 1, 2013
The malware appears as a link in an email or Facebook message telling people they have been tagged in a Facebook post. When users go to Facebook and click the link, they are sent to a separate website and prompted to download a browser extension or plug-in to watch a video. Once that plug-in is downloaded, the attackers can access everything stored in the browser including accounts with saved passwords.
This malware is spreading rapidly and replicating itself primarily by hijacking victims’ Facebook accounts and reaching out to their friends on the social network. A user hit by the malicious software cannot easily remove it, since it blocks access to the browser settings that allow it to be removed and also blocks access to many sites that offer virus removal software.
This is not the first instance of an attack through a browser extension, which is a bit of software that allows a browser to perform specific functions, much like an app does for a smartphone. But this attack appears to be one of the most extensive to use the technology.
Security experts remind users that just as you shouldn’t click on email attachments from unknown sources, you shouldn’t click “accept” to install a plug-in from an unknown site. Only install legitimate software from well-known websites you trust.