Shoplifters hit up Chrome Store for Facebook data

Mar 28, 2012 by Nancy Owano report

(PhysOrg.com) -- A cash-for-Facebook’s-“likes” hustle hanging out in Google Chrome Web Store has been discovered by Kaspersky Lab. The researchers first discovered extensions leading to the wave of hijackings under an umbrella of assorted themes that were targeting users of Chrome and Facebook. They were rolling out malicious extensions for use to nab Facebook profile data. The lure was in the form of invitations for users to make changes on their profile or to see who was visiting their profile or to remove a virus from their Facebook profile.

Then Kaspersky’s Fabio Assolini, a lab expert, said one bit of malware especially caught his team's attention because the malicious extension was hosted on Google’s own Chrome Web Store. "At this time," Assolini said in a March 23 blog, "the malicious app has 923 users."

The extension presented itself as Adobe Flash Player. After installation, the extension could gain complete control of the victim’s first by downloading a script file. The script file had instructions to send commands to the victim’s Facebook profile. The result was the eventual spread of a malicious message, inviting more users to install the fake extension.

So what's in such a scheme for the malware makers? Profit, in the form of selling Facebook “likes” to businesses looking for (ironically) a reputation boost and may be willing to pay the $27 charged for 1,000 “likes.”

According to reports, Google personnel removed the malicious extension after Kaspersky informed them of the hustle - titled Trojan.JS.Agent.bxo—which the Kaspersky experts had discovered on March 6 in a previous similar attack.

According to Ars Technica, a Google response was, "When we detect items containing malware or learn of them through reports, we remove them from the Chrome and from active Chrome instances. We've already removed several of these extensions, and we are improving our automated systems to help detect them even faster."

Beyond the Store, one security plus for Google was the launch, earlier this year, of Bouncer, which scans the Android Market for malicious apps. The scan happens when developers first upload an app to the Market and then periodically after that.

The Bouncer safeguard does not, however, seem to console observers over thieves who find ways to outsmart Facebook and Google.

Those behind the cash-for-likes scheme "are uploading new extensions regularly, in a cat and mouse game," said Kaspersky’s Assolini.

Kaspersky Lab noticed a "huge wave" of attacks in Brazil. Without naming the miscreants, Assolini's column warning users to “think twice” before installing Chrome extensions simply referred to “Brazil’s bad guys” turning their attention to Chrome and Facebook, which are now Brazil's two key go-to places on the Internet. Recent statistics show that Google has become the most popular browser in Brazil with more than 45 percent of market share. is the most popular social network in Brazil, with 42 million users, displacing Orkut.

Explore further: Survey: Harassment a common part of online life

More information: www.securelist.com/en/blog/208… ng_Chrome_extensions

Related Stories

Google Chrome extensions to be officially released

Dec 07, 2009

(PhysOrg.com) -- Google is expected to release its Extensions Gallery for general users of the new Chrome browser this week, possibly at the Add-On Conference on browser extensions to be held on December 11, ...

Google Chrome 4.0 stable version released for Windows

Jan 27, 2010

(PhysOrg.com) -- All PC users running Windows can now have access to Google Chrome's new extension gallery, with the release earlier this week of a stable version of the Chrome 4.0 browser for Windows.

Bringing Chrome to Android more than wishful thinking

Oct 05, 2011

(PhysOrg.com) -- The first version of Chrome for Android should be just around the corner, according to ConceivablyTech. “Google is heading toward the finish line for the first release of Chrome for Android,” ...

Google Chrome 5 beta released

May 06, 2010

(PhysOrg.com) -- Internet search engine giant Google has released a new beta version of its Chrome browser, and it is visibly much faster than the previous version, and faster than most other browsers.

Recommended for you

Twitter looks to weave into more mobile apps

3 hours ago

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Google unveils app for managing Gmail inboxes

4 hours ago

Google is introducing an application designed to make it easier for its Gmail users to find and manage important information that can often become buried in their inboxes.

Fighting cyber-crime one app at a time

10 hours ago

This summer Victoria University of Wellington will be home to four Singaporean students researching cyber threats. The students have been working with Dr Ian Welch, a lecturer in Victoria's School of Engineering and Computer ...

Is big data heading for its 'horsemeat moment'?

12 hours ago

There have been so many leaks, hacks and scares based on misuse or misappropriation of personal data that any thought that "big data" could provide benefits rather than only opportunities for harm may be ...

User comments : 0