Be aware of fake Facebook extensions

We have received from our partners in the AV industry reports about malicious browser extensions trying to hijack Facebook profiles. According to Microsoft, this threat was first discovered in Brazil but because of the social engineering techniques it uses, it spread fast in other countries and languages as well.

All Avira products detect it as TR/Febipos.B.2.

The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox.

This trojan monitors a user to see if they are currently logged-in to Facebook. Once logged in, the malware can do all kind of actions on behalf of the user:

  • like a page
  • share posts
  • invite friends
  • chat with friends
  • comment on a post

You can find more information about this trojan on this page (Microsoft).

This trojan is another proof that staying logged on social media websites is not always a good idea. Browsers store the user name and password for you, but you should not enable to remain logged in. So, please don’t enable “Keep me logged in”. It would only cost you one click more to login after the browser saved the login details.

facebook-logout

Also pay attention to what extension you are installing in your browser. Always make sure that the extension comes from a known publisher and that it has a good reputation.

 

Sorin Mustaca

IT Security Expert

via Avira – TechBlog http://techblog.avira.com/2013/05/14/be-aware-of-fake-facebook-extensions/en/


© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close