Shoplifters hit up Chrome Store for Facebook data

Mar 28, 2012 by Nancy Owano report

(PhysOrg.com) -- A cash-for-Facebook’s-“likes” hustle hanging out in Google Chrome Web Store has been discovered by Kaspersky Lab. The researchers first discovered extensions leading to the wave of hijackings under an umbrella of assorted themes that were targeting users of Chrome and Facebook. They were rolling out malicious extensions for use to nab Facebook profile data. The lure was in the form of invitations for users to make changes on their profile or to see who was visiting their profile or to remove a virus from their Facebook profile.

Then Kaspersky’s Fabio Assolini, a lab expert, said one bit of malware especially caught his team's attention because the malicious extension was hosted on Google’s own Chrome Web Store. "At this time," Assolini said in a March 23 blog, "the malicious app has 923 users."

The extension presented itself as Adobe Flash Player. After installation, the extension could gain complete control of the victim’s first by downloading a script file. The script file had instructions to send commands to the victim’s Facebook profile. The result was the eventual spread of a malicious message, inviting more users to install the fake extension.

So what's in such a scheme for the malware makers? Profit, in the form of selling Facebook “likes” to businesses looking for (ironically) a reputation boost and may be willing to pay the $27 charged for 1,000 “likes.”

According to reports, Google personnel removed the malicious extension after Kaspersky informed them of the hustle - titled Trojan.JS.Agent.bxo—which the Kaspersky experts had discovered on March 6 in a previous similar attack.

According to Ars Technica, a Google response was, "When we detect items containing malware or learn of them through reports, we remove them from the Chrome and from active Chrome instances. We've already removed several of these extensions, and we are improving our automated systems to help detect them even faster."

Beyond the Store, one security plus for Google was the launch, earlier this year, of Bouncer, which scans the Android Market for malicious apps. The scan happens when developers first upload an app to the Market and then periodically after that.

The Bouncer safeguard does not, however, seem to console observers over thieves who find ways to outsmart Facebook and Google.

Those behind the cash-for-likes scheme "are uploading new extensions regularly, in a cat and mouse game," said Kaspersky’s Assolini.

Kaspersky Lab noticed a "huge wave" of attacks in Brazil. Without naming the miscreants, Assolini's column warning users to “think twice” before installing Chrome extensions simply referred to “Brazil’s bad guys” turning their attention to Chrome and Facebook, which are now Brazil's two key go-to places on the Internet. Recent statistics show that Google has become the most popular browser in Brazil with more than 45 percent of market share. is the most popular social network in Brazil, with 42 million users, displacing Orkut.

Explore further: Turkey still hopes Twitter will open local office

More information: www.securelist.com/en/blog/208193414/Think_twice_before_installing_Chrome_extensions

Related Stories

Google Chrome extensions to be officially released

Dec 07, 2009

(PhysOrg.com) -- Google is expected to release its Extensions Gallery for general users of the new Chrome browser this week, possibly at the Add-On Conference on browser extensions to be held on December 11, ...

Google Chrome 4.0 stable version released for Windows

Jan 27, 2010

(PhysOrg.com) -- All PC users running Windows can now have access to Google Chrome's new extension gallery, with the release earlier this week of a stable version of the Chrome 4.0 browser for Windows.

Bringing Chrome to Android more than wishful thinking

Oct 05, 2011

(PhysOrg.com) -- The first version of Chrome for Android should be just around the corner, according to ConceivablyTech. “Google is heading toward the finish line for the first release of Chrome for Android,” ...

Google Chrome 5 beta released

May 06, 2010

(PhysOrg.com) -- Internet search engine giant Google has released a new beta version of its Chrome browser, and it is visibly much faster than the previous version, and faster than most other browsers.

Recommended for you

Net neutrality balancing act

11 hours ago

Researchers in Italy, writing in the International Journal of Technology, Policy and Management have demonstrated that net neutrality benefits content creator and consumers without compromising provider innovation nor pr ...

Twitter rules out Turkey office amid tax row

Apr 16, 2014

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

Apr 16, 2014

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Better thermal-imaging lens from waste sulfur

Sulfur left over from refining fossil fuels can be transformed into cheap, lightweight, plastic lenses for infrared devices, including night-vision goggles, a University of Arizona-led international team ...

Deadly human pathogen Cryptococcus fully sequenced

Within each strand of DNA lies the blueprint for building an organism, along with the keys to its evolution and survival. These genetic instructions can give valuable insight into why pathogens like Cryptococcus ne ...