Shoplifters hit up Chrome Store for Facebook data

Mar 28, 2012 by Nancy Owano report

(PhysOrg.com) -- A cash-for-Facebook’s-“likes” hustle hanging out in Google Chrome Web Store has been discovered by Kaspersky Lab. The researchers first discovered extensions leading to the wave of hijackings under an umbrella of assorted themes that were targeting users of Chrome and Facebook. They were rolling out malicious extensions for use to nab Facebook profile data. The lure was in the form of invitations for users to make changes on their profile or to see who was visiting their profile or to remove a virus from their Facebook profile.

Then Kaspersky’s Fabio Assolini, a lab expert, said one bit of malware especially caught his team's attention because the malicious extension was hosted on Google’s own Chrome Web Store. "At this time," Assolini said in a March 23 blog, "the malicious app has 923 users."

The extension presented itself as Adobe Flash Player. After installation, the extension could gain complete control of the victim’s first by downloading a script file. The script file had instructions to send commands to the victim’s Facebook profile. The result was the eventual spread of a malicious message, inviting more users to install the fake extension.

So what's in such a scheme for the malware makers? Profit, in the form of selling Facebook “likes” to businesses looking for (ironically) a reputation boost and may be willing to pay the $27 charged for 1,000 “likes.”

According to reports, Google personnel removed the malicious extension after Kaspersky informed them of the hustle - titled Trojan.JS.Agent.bxo—which the Kaspersky experts had discovered on March 6 in a previous similar attack.

According to Ars Technica, a Google response was, "When we detect items containing malware or learn of them through reports, we remove them from the Chrome and from active Chrome instances. We've already removed several of these extensions, and we are improving our automated systems to help detect them even faster."

Beyond the Store, one security plus for Google was the launch, earlier this year, of Bouncer, which scans the Android Market for malicious apps. The scan happens when developers first upload an app to the Market and then periodically after that.

The Bouncer safeguard does not, however, seem to console observers over thieves who find ways to outsmart Facebook and Google.

Those behind the cash-for-likes scheme "are uploading new extensions regularly, in a cat and mouse game," said Kaspersky’s Assolini.

Kaspersky Lab noticed a "huge wave" of attacks in Brazil. Without naming the miscreants, Assolini's column warning users to “think twice” before installing Chrome extensions simply referred to “Brazil’s bad guys” turning their attention to Chrome and Facebook, which are now Brazil's two key go-to places on the Internet. Recent statistics show that Google has become the most popular browser in Brazil with more than 45 percent of market share. is the most popular social network in Brazil, with 42 million users, displacing Orkut.

Explore further: Pinterest buys startup with image organizing skills

More information: www.securelist.com/en/blog/208… ng_Chrome_extensions

Related Stories

Google Chrome extensions to be officially released

Dec 07, 2009

(PhysOrg.com) -- Google is expected to release its Extensions Gallery for general users of the new Chrome browser this week, possibly at the Add-On Conference on browser extensions to be held on December 11, ...

Google Chrome 4.0 stable version released for Windows

Jan 27, 2010

(PhysOrg.com) -- All PC users running Windows can now have access to Google Chrome's new extension gallery, with the release earlier this week of a stable version of the Chrome 4.0 browser for Windows.

Bringing Chrome to Android more than wishful thinking

Oct 05, 2011

(PhysOrg.com) -- The first version of Chrome for Android should be just around the corner, according to ConceivablyTech. “Google is heading toward the finish line for the first release of Chrome for Android,” ...

Google Chrome 5 beta released

May 06, 2010

(PhysOrg.com) -- Internet search engine giant Google has released a new beta version of its Chrome browser, and it is visibly much faster than the previous version, and faster than most other browsers.

Recommended for you

US warns retailers on data-stealing malware

4 hours ago

US government cybersecurity watchdogs warned retailers Thursday about malware being circulated that allows hackers to get into computer networks and steal customer data.

Irish bookmaker apologizes for 2010 data breach

5 hours ago

(AP)—Irish betting company Paddy Power announced Thursday it is notifying hundreds of thousands of customers that most of their profile information was stolen in 2010, but hackers did not gain their credit card details ...

Misinformation diffusing online

7 hours ago

The spread of misinformation through online social networks is becoming an increasingly worrying problem. Researchers in India have now modeled how such fictions and diffuse through those networks. They described details ...

User comments : 0