Malicious browser plugins power the cybercriminal scheme
Kaspersky Lab experts warn that cybercriminals are targeting Brazilian Facebook users with a piece of Adware dubbed PimpMyWindow.Victims are lured with the old “change the color of your Facebook profile” trick. They’re asked to install a malicious browser plugin that’s available for Chrome, Firefox and Internet Explorer.
Once it’s installed, the plugin starts pushing Google Adsense advertisements whenever the user visits websites such as Ask.fm, Orkut, Facebook, Twitter, YouTube, Gmail, Hotmail and Google.
In addition, advertisements are also displayed on the websites of financial institutions.
Researchers say that this scheme relies on Crossrider, a legitimate platform for browser plugins. However, the cybercriminals behind the Lilyjade worm are abusing it to make a profit.
Users are advised to check their browsers for extensions called PimpMyWindow or MudeACordoSeuPerfil. If found, they should be removed immediately.