Microsoft is warning users of Google’s Chrome and The Mozilla Foundation’s Firefox web browsers that a malicious browser extension for those platforms attempts to steal Facebook account login information after it is installed.
The attacks have mostly occurred in Brazil, Microsoft, and have been linked to spam campaigns promoting GM cars, like the Chevy Celta, an ultracompact car produced by General Motors do Brasil, according to a post on Microsoft’s Technet web site.
Microsoft identified the malware bundled with the browser extensions as Febipos.A, a malicious Trojan. After being installed, the Trojan waits for the user to log in to Facebook before it springs to life. Febipos downloads commands from a remote website that instruct it to carry out a wide range of actions through the active Facebook account, including wall posts, sharing and “liking” pages, commenting on other users’ posts and inviting Facebook friends to a group chat.
You might also want to read: That Facebook Account Hijack Vulnerability Is Still Dangerous. Here’s Why
The trojan was spotted posting spam links to compromised profiles, including links to and “like”s for a Facebook page promoting the GM “Celta” car, which is made by GM’s Brazilian subsidiary.
Microsoft researchers said the output of the trojan depends on the content of a configuration file it downloads. Other posts linked to the malware have featured sensational or salacious quotes designed to entice the viewer to click on them, Microsoft said.
Malicious browser extensions have become a popular choice for malware authors in recent years. Plug-in directories like Google’ Chrome Store have adopted a “caveat emptor” model and have been reluctant to do application audits on submitted plug-ins. That has led to a growing problem of malicious and suspicious plug-ins – often posing as legitimate applications. At the same time, application stores for platforms like Facebook and WordPress have been used as the launching pad for malicious attacks, as well.