Malicious browser extensions that hijack Facebook profiles have been found in the wild.
The browser extensions for Google Chrome and Mozilla Firefox were discovered in Brazil and reported by Microsoft's Malware Protection Center on Friday.
The extensions, which harbour Trojan:JS/Febipos.A, will check whether the user is logged in to Facebook before performing various actions via the user's account, including Liking pages, sharing links, posting updates, joining groups, chatting to friends and commenting on posts.
The malware may also post a message in Portuguese about a teenage bullying victim who killed herself, together with a video link that has been blocked by Facebook.
It also tries to Like and comment on a Portuguese Facebook page selling cars, as well as attempting to send various messages in Portuguese via chat, posts or comments. Some of these messages (translated into English) are: "Sorry guys, but this is ridiculous!!!" and "The coolest tune at the moment. It's really nice!"
The malware downloads the list of Facebook commands it uses in a PHP configuration file named sqlvarbr.php.
A Facebook spokeswoman said the malicious browser extensions are not compromising Facebook accounts themselves, but rather using permissions given to them by the user to carry out these actions on Facebook on their behalf.
Facebook has systems to detect and block these malicious browser extensions, she added.