Rogue Firefox extension hijacks browser sessions

Security researchers from StopMalvertising have spotted a rogue Firefox extension capable of hijacking browser sessions and posting content on Facebook.

The rogue extension is currently distributed across multiple adult web sites, and across Facebook, attempting to trick users into thinking that they're running an outdated version of their Adobe Flash Player.

What happens once the user installs the bogus extension?

The internet user will visit additional websites in the background with the viral add-on installed, possibly participate in click-fraud and expose themselves to malware while surfing on those unwanted sites. Furthermore, when logged in on Facebook, the victim will spam a viral video to their friends, spreading the Trojan clicker even more.

When visiting Google, for example, the script will fetch additional web pages in the background which may lead to malware. The page at footprintsit.com contains a list of URLs to visit. The URL also contains an affiliate ID / Name ... Foreste. This is the criminal who will earn money from your surfing.

If the affected user is logged into Facebook, the rogue extension will distribute a viral video with the title "Kristen Stewart Was Taped Drunk & Having S#x!", in an attempt to trick even more people into downloading and installing the bogus extension. Affected Facebook users will be served a bogus Facebook landing page, prompting them to install Flash_Player_11.exe.

Users are advised to be extra cautious when installing Firefox extensions from untrusted sources, and to avoid falling victim to scams impersonating legitimate companies by always ensuring that they download third-party software and browser plugins from their official sites only.