Malicious Chrome and Firefox extensions found hijacking Facebook profiles

Summary:Malicious extensions for Google Chrome and Mozilla Firefox that hijack Facebook profiles to post messages have been flagged up by Microsoft Malware Protection Center.

Malicious browser extensions that hijack Facebook profiles have been found in the wild.

The browser extensions for Google Chrome and Mozilla Firefox were discovered in Brazil and reported by Microsoft's Malware Protection Center on Friday.

The extensions, which harbour Trojan:JS/Febipos.A, will check whether the user is logged in to Facebook before performing various actions via the user's account, including Liking pages, sharing links, posting updates, joining groups, chatting to friends and commenting on posts.

The malware may also post a message in Portuguese about a teenage bullying victim who killed herself, together with a video link that has been blocked by Facebook.

It also tries to Like and comment on a Portuguese Facebook page selling cars, as well as attempting to send various messages in Portuguese via chat, posts or comments. Some of these messages (translated into English) are: "Sorry guys, but this is ridiculous!!!" and "The coolest tune at the moment. It's really nice!"

The malware downloads the list of Facebook commands it uses in a PHP configuration file named sqlvarbr.php.

A Facebook spokeswoman said the malicious browser extensions are not compromising Facebook accounts themselves, but rather using permissions given to them by the user to carry out these actions on Facebook on their behalf.

Facebook has systems to detect and block these malicious browser extensions, she added.

Topics: Security

About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.