Last week, a malicious group tricked almost 10,000 Facebook users into sharing their email addresses and password with a phishing attack, discovered by Kaspersky Lab, that then went on to spread itself to those users’ friends and family through seemingly innocuous Facebook messages. South America was especially hard hit by the infection.
Kaspersky explains it best:
Between the 24th and 27th June, thousands of unsuspecting consumers received a message from a Facebook friend saying they’d mentioned them in a comment. The message had in fact been initiated by attackers and unleashed a two-stage attack. The first stage downloaded a Trojan onto the user’s computer that installed, among other things, a malicious Chrome browser extension. This enabled the second stage, the takeover of the victim’s Facebook account when they logged back into Facebook through the compromised browser.
A successful attack gave the threat actor the ability to change privacy settings, extract data and more, allowing it to spread the infection through the victim’s Facebook friends or undertake other malicious activity such as spam, identity theft and generating fraudulent ‘likes’ and ‘shares’. The malware tried to protect itself by black-listing access to certain websites, such as those belonging to security software vendors.
Brazil was most compromised by the attack, with 37 per cent of the infected accounts coming from that country. Windows PCs were the primary infection vector, with Windows phones also possibly able to be compromised; Android and iOS phones, though, were immune to the attacks due to the libraries — including the Chrome extension — not being compatible.
Interestingly, Kaspersky says one of the attacking extensions was hosted on Google’s Chrome Web Store, which is usually a sign of authenticity — importantly, since these extensions have the ability to view personally identifiable data on many of the websites a user visits. As standard procedure, Kaspersky says installing antimalware software and running regular malware scans is the best solution. [Kaspersky]
Gizmodo Australia is gobbling up the news in a different timezone, so check them out if you need another Giz fix.