Tuesday, December 20, 2011

Facebook Scams Now Serving Malicious Browser Extensions

If you recently fell for a scam on Facebook and find that you’re now spamming your friends and family with the same scam, you may want to double check your browser for rogue extensions.

Facebook scams are fueled by their victims, who fulfill the request to share a page, post a comment, watch videos or complete surveys in hopes to earn free gift cards to popular establishments like the Cheesecake Factory, Amazon.com, Costco or get more details on a juicy celebrity story.

Now it seems that cybercriminals have thrown browser extensions into the mix, which they disguise as a required video plugin to watch that scandalous video or a browser plugin that will allow you to print out vouchers for a free meal at the Cheesecake Factory.

How it Works

The scam draws victims in with posts similar to this one:
Eat at Cheesecake Factory for FREE!! (limited time only)

Cheesecake Factory is currently giving away $100.00 dinner vouchers to all facebook users!! Claim yours before they are all taken!

Malicious Firefox PluginUpon clicking the link advertised, you will be taken to a page that asks you to post the offer to your profile and download a browser plugin called “Free Cheesecake Factory” for Chrome (.crx file) or Firefox (.xpi file) in order to print their free meal voucher.

However, once the malicious extension is installed, the extension will load a script from another website that is used by the browser that connects to Facebook. From there, the code will create posts and message your friends on your behalf advertising the very same scam you fell for, along with any other spam or malware the cybercrook sees fit.

How to Remove the Plugin

Unless you want to be blocked or unfriended on Facebook, it's a good idea to remove the malicious plugin from your browser.

For Firefox users:

  1. Click the orange ‘Firefox’ tab at the top of your browser window.

  2. Select ‘Add-ons’ in the right navigation menu (it has a blue puzzle piece icon next to it).

  3. Click on the ‘Extensions’ option.

  4. Look for the ‘Free Cheesecake Factory’ plugin and click the ‘Remove’ button next to it.

  5. Restart Firefox.

For Chrome users:

  1. Click the gray tool icon on the top right.

  2. Hover over the ‘Tools’ option and click ‘Extensions’

  3. Look for the ‘Free Cheesecake Factory’ extension and click ‘Remove’.

  4. Restart Chrome.

Once you’ve removed the plugins, it may be a good idea to go through your Facebook profile and remove any posts that the extension created, apologize to your friends accordingly, and be sure to avoid any scams in the future.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

No comments:

Post a Comment