10K Facebook users infected by malware
Compromised devices hijacked Facebook accounts to deliver an infection through victims' own "friends."
A message seeming to come from a Facebook friend was instead a source of malware that ensnared 10,000 users, according to The Philippine Star.
The infection was detected by researchers at Kaspersky Lab, who determined that compromised devices hijacked Facebook accounts to deliver the infection through the victim's own Facebook friends.
The campaign ran last week – primarily in South America, Europe, Tunisia and Israel – delivering messages seemingly from a Facebook friend saying recipients were mentioned in a comment. This was only a ploy for the delivery of a two-stage attack.
First, a trojan would be downloaded onto the user's computer which delivered a Chrome browser extension. This allowed the second step, the usurping of the target's Facebook account.
The miscreants behind the attack were then able to alter privacy settings and siphon data, thus spreading the infection via the victim's Facebook friends. As well, they could spread spam, steal identities and manipulate "likes" and "shares."
The malware also was able to blacklist security sites that might have protected users.
Facebook has blocked the threat and claims it has not observed any further infection attempts. As well, Google removed the suspect extension from its Chrome Web Store.
Kaspersky advised users to run malware scans on their computers and open the Chrome browser to look for anomalous extensions.