Shoplifters hit up Chrome Store for Facebook data

Mar 28, 2012 by Nancy Owano report

(PhysOrg.com) -- A cash-for-Facebook’s-“likes” hustle hanging out in Google Chrome Web Store has been discovered by Kaspersky Lab. The researchers first discovered extensions leading to the wave of hijackings under an umbrella of assorted themes that were targeting users of Chrome and Facebook. They were rolling out malicious extensions for use to nab Facebook profile data. The lure was in the form of invitations for users to make changes on their profile or to see who was visiting their profile or to remove a virus from their Facebook profile.

Then Kaspersky’s Fabio Assolini, a lab expert, said one bit of malware especially caught his team's attention because the malicious extension was hosted on Google’s own Chrome Web Store. "At this time," Assolini said in a March 23 blog, "the malicious app has 923 users."

The extension presented itself as Adobe Flash Player. After installation, the extension could gain complete control of the victim’s first by downloading a script file. The script file had instructions to send commands to the victim’s Facebook profile. The result was the eventual spread of a malicious message, inviting more users to install the fake extension.

So what's in such a scheme for the malware makers? Profit, in the form of selling Facebook “likes” to businesses looking for (ironically) a reputation boost and may be willing to pay the $27 charged for 1,000 “likes.”

According to reports, Google personnel removed the malicious extension after Kaspersky informed them of the hustle - titled Trojan.JS.Agent.bxo—which the Kaspersky experts had discovered on March 6 in a previous similar attack.

According to Ars Technica, a Google response was, "When we detect items containing malware or learn of them through reports, we remove them from the Chrome and from active Chrome instances. We've already removed several of these extensions, and we are improving our automated systems to help detect them even faster."

Beyond the Store, one security plus for Google was the launch, earlier this year, of Bouncer, which scans the Android Market for malicious apps. The scan happens when developers first upload an app to the Market and then periodically after that.

The Bouncer safeguard does not, however, seem to console observers over thieves who find ways to outsmart Facebook and Google.

Those behind the cash-for-likes scheme "are uploading new extensions regularly, in a cat and mouse game," said Kaspersky’s Assolini.

Kaspersky Lab noticed a "huge wave" of attacks in Brazil. Without naming the miscreants, Assolini's column warning users to “think twice” before installing Chrome extensions simply referred to “Brazil’s bad guys” turning their attention to Chrome and Facebook, which are now Brazil's two key go-to places on the Internet. Recent statistics show that Google has become the most popular browser in Brazil with more than 45 percent of market share. is the most popular social network in Brazil, with 42 million users, displacing Orkut.

Explore further: Twitter rules out Turkey office amid tax row

More information: www.securelist.com/en/blog/208193414/Think_twice_before_installing_Chrome_extensions

Related Stories

Google Chrome extensions to be officially released

Dec 07, 2009

(PhysOrg.com) -- Google is expected to release its Extensions Gallery for general users of the new Chrome browser this week, possibly at the Add-On Conference on browser extensions to be held on December 11, ...

Google Chrome 4.0 stable version released for Windows

Jan 27, 2010

(PhysOrg.com) -- All PC users running Windows can now have access to Google Chrome's new extension gallery, with the release earlier this week of a stable version of the Chrome 4.0 browser for Windows.

Bringing Chrome to Android more than wishful thinking

Oct 05, 2011

(PhysOrg.com) -- The first version of Chrome for Android should be just around the corner, according to ConceivablyTech. “Google is heading toward the finish line for the first release of Chrome for Android,” ...

Google Chrome 5 beta released

May 06, 2010

(PhysOrg.com) -- Internet search engine giant Google has released a new beta version of its Chrome browser, and it is visibly much faster than the previous version, and faster than most other browsers.

Recommended for you

Twitter rules out Turkey office amid tax row

16 hours ago

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

19 hours ago

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Simplicity is key to co-operative robots

A way of making hundreds—or even thousands—of tiny robots cluster to carry out tasks without using any memory or processing power has been developed by engineers at the University of Sheffield, UK.

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

Patent talk: Google sharpens contact lens vision

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...

Quantenna promises 10-gigabit Wi-Fi by next year

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...