Friday, August 30, 2013

Facebook Users’ Passwords Harvested by Browser Malware

Don’t trust everything you see on Facebook, especially if it’s a message from your friends saying you have been tagged by them.
Malicious software is appearing as a link in an e-mail or Facebook message telling people they have been tagged by a friend in a Facebook post. When users go to Facebook and click on this link, they are sent to another website and prompted to download a browser extension or plug-in to watch a video, said Carlo De Micheli, an independent Italian security researcher.
Once the plug-in is downloaded to the computer, attackers can access everything stored in the browser. This includes all accounts and the passwords that the browser saves automatically when you visit a site. For this reason, it is important to tell your computer NOT to save your passwords.

Mr. De Micheli said this malicious software has been spreading at the rate of 40,000 attacks an hour and has affected more than 800,000 people using Google’s Chrome browser. The malware replicates itself by hijacking victims’ Facebook accounts and then attacking all of their friends’ accounts.
This malware blocks access to the browser settings that allow it to be removed and also blocks access to websites that offer virus removal software. These attackers have now released another version of this malware targeting Firefox users.

“When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances,” said the spokeswoman, Veronica Navarrete, in a statement. “We’ve already removed several of these extensions, and are continuing to improve our automated systems to help detect them even faster.”

Mr. De Micheli said the attackers appear to be of Turkish origin, based on comments embedded in the software.
This is not the first instance of an attack through browser extensions. Extensions are software that allows a Web browser to perform specific functions, much as an app does on a smartphone. This attack appears to be one of the most extensive uses of the technology.
Remember when you were told not to click on attachments? Now the same goes for browser add-ons: by installing one, you may be allowing an attacker access to your accounts.

References:
More than 800,000 Facebook users fall victim to password-harvesting browser malware, researcher claims – WeLiveSecurity
http://www.welivesecurity.com/2013/08/29/more-than-800000-facebook-users-fall-victim-to-password-harvesting-browser-malware-researcher-claims/
August 29, 2013
Malicious Software Poses as Video From a Facebook Friend – Bits
http://bits.blogs.nytimes.com/2013/08/26/malicious-software-poses-as-video-from-a-facebook-friend/
August 26, 2013
