Facebook is attacked once again

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,008
At present, Facebook is considered to be one of the most popular social networks not only among ordinary Internet users but also among attackers. Doctor Web analytics found out that the Google Chrome plug-in able to send out spam messages has already affected more than 12,000 of Facebook users.

The malicious plug-in for Google Chrome is detected as Trojan.BPlug.1074. If the plug-in affects the browser, it determines the identifier of the user (UID) when they log on to Facebook and modifies the appearance of the website by removing the Privacy Shortcuts menu located at the upper-right side of the Facebook window, together with other drop-down menus of the social network’s interface. Then the Trojan obtains the user’s friend list.

After that, Trojan.BPlug.1074 creates a new group named randomly. Using the group ID, the victim’s profile photo and the address of the webpage retrieved from a configuration file, the Trojan generates a “share a link” post and publishes it on the wall in specified intervals. What is more, the Trojan adds all the victim’s friends on Facebook to the post so this message is published on their walls too.


If the user follows the specified link, they are redirected to some webpage whose appearance is identical to the Facebook web design. Yet, if another website was used to follow this link, the user is redirected to a blank webpage.


The webpage is named “Hello please watch my video” and contains an allegedly standard video player. If the victim uses Chrome, they are prompted to download and install a browser plug-in that is, in fact, another copy of Trojan.BPlug.1074.


Trojan.BPlug.1074 can use this method to spread other plug-ins for Google Chrome.

Doctor Web security researchers registered more than 12,000 cases involving the Trojan.BPlug.1074 malicious plug-in being installed by Facebook users as of April 28, 2016. Dr.Web Anti-virus successfully detects and removes this Trojan. Yet, our specialists recommend you to pay careful attention when installing extensions for the browser even if they are offered by such a popular website as Facebook.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Sharing this with a few friends now.
Thanks for the heads up omidomi.
PeAcE
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top