Facebook scammers sell "Likes" using compromised accounts

Mar 26, 2012 13:47 GMT  ·  By

Facebook scams that rely on malicious browser extensions are not new, but scammers have now started hosting them on the official Google Chrome Web Store so that the whole scheme looks more legitimate.

Kaspersky Lab experts uncovered a Facebook page called “Learn how to remove the virus from your Facebook profile,” which targets the social media accounts of Brazilian users.

The page advertises an application that supposedly removes viruses from profiles and urges users to install it. When the Install Application button is clicked, the user is taken to the Chrome Web Store and presented with an extension posing as Adobe Flash Player, listed under the publisher name AppFace.

Once installed, the malicious extension takes control of the victim's Facebook account. The cybercriminals use hijacked accounts not only to spread the scam further, but also to Like specific pages, and even for direct monetary gain.

Detected by Kaspersky as Trojan.JS.Agent.bxo, the phony Flash Player component was quickly removed by Google from the official store, but according to Kaspersky the individuals behind these plots keep uploading new extensions regularly.

Many users don't understand how fraudsters can make money with their Facebook profiles, but in reality compromised social media accounts can be monetized in numerous ways.

Many companies advertise their services on Facebook, and some are willing to pay substantial sums to have their pages Liked by as many people as possible, in order to promote their brand and gain visibility.

This is where the crooks step in. They use the compromised accounts to sell Likes to anyone willing to pay. In one example, 1,000 Likes cost around $27 (20 EUR). That may not sound like much, but at this price the sellers are unlikely to be short of customers.

To avoid losing their Facebook accounts, users are advised to examine the permissions an extension or application requests before installing it, even when it is hosted on a legitimate site such as the Chrome Web Store: a listing on the official store says nothing about what the code does once it is running in the browser.
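One concrete way to carry out that check is to read the extension's manifest.json before (or after) installing it and flag the combination that makes an account takeover possible: host access to the social network plus session-capable API permissions, or a content script injected into its pages. The script below is an added example written for this article, not code from Kaspersky, Google or the scam itself. The manifest it audits is constructed here to mirror the article's description of a fake "Adobe Flash Player" extension; the real extension's manifest is not on the page. It reads the Chrome `permissions` key (Manifest V2) and the `host_permissions` key (Manifest V3), and the list of "sensitive" APIs and impersonated names are the author's own heuristics.

```python
import json
import os

# Chrome API permissions that let an extension read or drive a logged-in session (heuristic list).
SENSITIVE_APIS = {"cookies", "tabs", "webRequest", "webRequestBlocking", "webNavigation", "history"}
# Match patterns that grant access to every site.
ALL_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Names an extension cannot legitimately be: Chrome extensions cannot install Flash Player (heuristic).
IMPERSONATED_NAMES = ("flash player", "adobe")


def _host_of(pattern):
    """Host part of a Chrome match pattern such as '*://*.facebook.com/*', or None if it has none."""
    if "://" not in pattern:
        return None
    return pattern.split("://", 1)[1].split("/", 1)[0]


def pattern_covers(pattern, host):
    """True if a match pattern reaches `host` or any subdomain of it (or every host)."""
    if pattern in ALL_HOSTS:
        return True
    hp = _host_of(pattern)
    if hp is None:
        return False
    if hp == "*":
        return True
    if hp.startswith("*."):
        hp = hp[2:]
    return hp == host or hp.endswith("." + host)


def audit_manifest(manifest, target_host="facebook.com"):
    """Return human-readable findings about what the extension could do to target_host accounts."""
    findings = []
    perms = list(manifest.get("permissions", []))
    host_perms = [p for p in perms if "://" in p or p == "<all_urls>"]
    host_perms += manifest.get("host_permissions", [])          # Manifest V3 puts hosts here
    api_perms = [p for p in perms if p not in host_perms]

    for p in host_perms:
        if p in ALL_HOSTS or _host_of(p) == "*":
            findings.append(f"host access to every site: {p}")
        elif pattern_covers(p, target_host):
            findings.append(f"host access to {target_host}: {p}")
    for p in api_perms:
        if p in SENSITIVE_APIS:
            findings.append(f"session-capable API permission: {p}")
    for cs in manifest.get("content_scripts", []):
        for m in cs.get("matches", []):
            if pattern_covers(m, target_host):
                findings.append(f"content script runs inside {target_host} pages: {m}")
                break
    name = manifest.get("name", "")
    if any(s in name.lower() for s in IMPERSONATED_NAMES):
        findings.append(f"name impersonates software an extension cannot be: {name!r}")
    return findings


def can_reach_target(manifest, target_host="facebook.com"):
    """True if the extension can read or act inside target_host pages (host permission or content script)."""
    return any(f.startswith(("host access", "content script")) for f in audit_manifest(manifest, target_host))


def audit_extension_dir(path, target_host="facebook.com"):
    """Audit an unpacked extension directory (the kind Chrome keeps under its profile's Extensions folder)."""
    with open(os.path.join(path, "manifest.json"), encoding="utf-8") as fh:
        return audit_manifest(json.load(fh), target_host)


# Constructed sample: what a manifest matching the article's description of the fake Flash Player could look like.
FAKE_FLASH_MANIFEST = json.loads("""{
  "name": "Adobe Flash Player",
  "version": "1.0",
  "manifest_version": 2,
  "permissions": ["tabs", "cookies", "*://*.facebook.com/*"],
  "content_scripts": [{"matches": ["https://www.facebook.com/*"], "js": ["inject.js"]}],
  "background": {"scripts": ["bg.js"]}
}""")

# Constructed sample: a harmless extension that never touches the social network.
BENIGN_MANIFEST = json.loads("""{
  "name": "Tab Counter",
  "version": "0.3",
  "manifest_version": 2,
  "permissions": ["storage"]
}""")

if __name__ == "__main__":
    for label, m in (("fake flash player", FAKE_FLASH_MANIFEST), ("tab counter", BENIGN_MANIFEST)):
        print(f"== {label}: reaches facebook.com = {can_reach_target(m)}")
        for f in audit_manifest(m):
            print("  -", f)
```

Run against an unpacked extension with `audit_extension_dir("/path/to/extension")`. The verdict to act on is `can_reach_target`: an extension that can reach the social network's pages at all, whether through a host permission or a content script, already runs with the user's logged-in session and can click Like on their behalf; the API permissions only widen what else it can do.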

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.