Bitdefender experts have identified a rogue web browser extension, hosted on the official Chrome store, that's used by scammers to harvest Facebook likes.
It all starts with a link that takes users, via a redirect, to a website where they're asked to install a Chrome extension called Business Flash Player.
Once installed, the extension starts accessing Facebook cookies and “likes” various social media pages on the victim’s behalf.
The malicious website that advertises the Business Flash Player was registered on Sunday in Turkey.
It appears the scam has been highly lucrative so far. The script executed by the rogue extension instructs compromised accounts to “like” a page owned by one Mehmet Ozbilen.
The page has already gathered over 40,000 likes, even though no content has been posted on it since it was created on February 12.
Harvesting Facebook likes can be very profitable, not only for cybercriminals, but also for shady businesses that want to promote their activity.