Researchers at the internet security firm Cyren spotted a malicious Chrome extension spreading malicious PDFs on Facebook with the promise of nude celebrity content.
Victims were baited into clicking a PDF file on Facebook promising nude celebrity content. Once clicked in a Chrome browser, users are sent through a series of redirects which ultimately display a pop up asking for an installation of a chrome extension, according to a Dec. 8 Cyren blog post.
Once installed, the malicious extension can read and collect a user's personal data of a Facebook and gain permissions such as “posting on their behalf.” The malware then repeats the process by posting “nude PDF” files on Facebook groups, timeline and also sends them to their friends' private messages.
If a user clicks the malicious link in a browser other than chrome they are redirected to several new web pages containing adverts and nude content