Researchers at Trend Micro have identified a new malicious Facebook campaign that distributes a rogue Chrome extension via Facebook Messenger.
Of course, Google has banned the use of any extension that is not available on the Chrome Web Store. Unfortunately, initiatives like these have not deterred cybercriminal efforts.
Christopher Talampas, fraud analyst at Trend Micro, received a message instructing him to access a page claiming to offer appealing video content.
Talampas clicked on the link. It led him to a site with a page designed to mimic the look and feel of Facebook. The fake Facebook page automatically downloaded a file named Chrome_Video_installer.scr.
"This supposed video installer file is detected as TROJ_KILIM.EFLD. This variant attempts to download another file - possibly the final payload - but the site is currently down. However, it should be noted that KILIM malware are known to be malicious Chrome extensions and plugins. KILIM variants have also been observed to spam Facebook messages and cause system infection," Talampas said in a blog post.
VICTIMS
Facebook users from the Philippines (36%), Indonesia (6%), India (6%), Brazil (6%), and the U.S. (5%) are the most affected by this particular attack, according to feedback from the Smart Protection Network.
"In this attack, users might be fooled into clicking the link because of three things. First, the message comes from a Facebook friend, not a stranger. The message also addresses the user through the name he uses on Facebook. This makes it appear less like a random, spammed message. The informality of the message may compel the user to read the message."
Trend Micro has reported the incident to Facebook; they marked the message as spam.