An adult video scam that was discovered infecting Russian Facebook users back in April is now targeting Europeans, Kaspersky Lab reported via its Securelist blog.
To execute the scam, the attackers compromise a Facebook account and use it post a link to an “18+” video, supposedly available on YouTube. The perpetrators then add fraudulent likes from the compromised account-holder's list of friends, hoping to pique the curiosity of either the original user or his or her contacts.
Clicking the link takes the victim to a YouTube-lookalike web page residing on malicious domain. A pop-up banner instructs the user to install a browser extension; however this extension “gains rights to read all the data in the browser, which the fraudsters can later use to get all the passwords, logins, credit card details and other confidential user information that is entered,” the blog post warned.