Malicious Chrome extension promising business version of Flash can take over users’ Facebook accounts
Some Facebook users have fallen victim to a new phishing scam, which takes over a user’s Facebook account, Liking pages and posting links on their behalf, according to PC World.
The scam reportedly begins with an email that prompts users to download a new “business” version of Adobe Flash Player. Users who click on the spam link are taken to the Chrome Web Store to download a browser extension. After users download the extension, the malware will check to see if a user is logged into Facebook, and if so, it will use a script to control the account.
Users report having pages Liked and links shared without their knowledge. Those links are often used to spread other phishing attacks, and the pages are often part of more elaborate scams. Bogdan Botezatu, senior e-threat analyst at Bitdefender, told PC World that a page with 100,000 Likes is worth between $150 and $200 on some underground forums. When a page is purchased, it is often rebranded to look like a well-known company page and used to sell counterfeit items or distribute more malware.
Botezatu said this type of attack is unlikely to be detected by anti-virus software. Users should exercise caution before clicking on suspicious links in emails or on Facebook, and before they download any application or browser extension.
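Because anti-virus software is unlikely to catch this, one practical check is to review which installed extensions declare access to Facebook pages in their manifest. The following is an added example, not part of the original article: it assumes each extension's `manifest.json` has already been parsed into a dict, and the sample manifests and their names are constructed for illustration.

```python
# Added example: flag extensions whose manifest grants script access to Facebook pages.
TARGET_HOST = "www.facebook.com"

def pattern_covers(pattern, host=TARGET_HOST):
    """True if a Chrome match pattern gives access to pages on `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # an API permission name ("tabs", "storage") or another scheme
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def facebook_access(manifest):
    """Manifest keys through which the extension can run code on or read Facebook pages."""
    found = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        if any(isinstance(p, str) and pattern_covers(p) for p in manifest.get(key, [])):
            found.add(key)
    for script in manifest.get("content_scripts", []):
        if any(pattern_covers(m) for m in script.get("matches", [])):
            found.add("content_scripts")
    return sorted(found)

def audit(manifests):
    """Map extension name -> access keys, keeping only extensions that reach Facebook."""
    hits = {}
    for m in manifests:
        keys = facebook_access(m)
        if keys:
            hits[m.get("name", "<unnamed>")] = keys
    return hits

# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    {"name": "Sample Player Update", "permissions": ["tabs", "*://*.facebook.com/*"],
     "content_scripts": [{"matches": ["https://www.facebook.com/*"], "js": ["a.js"]}]},
    {"name": "Sample Note Taker", "permissions": ["storage"],
     "content_scripts": [{"matches": ["https://notes.example.org/*"], "js": ["n.js"]}]},
    {"name": "Sample Page Tool", "permissions": ["<all_urls>"]},
]

if __name__ == "__main__":
    for name, keys in audit(SAMPLES).items():
        print(f"{name}: can act on Facebook pages via {', '.join(keys)}")
```

A hit only means the extension is able to act on Facebook pages; broad patterns such as `<all_urls>` are common in legitimate extensions, so the output is a review list rather than a verdict.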