You are here: Home » Technology » News » People
Business Standard

Malicious software poses as video from Facebook friend

The malware appears as a link in an email or Facebook message telling people that they have been tagged in a Facebook post

Vindu Goel 

A piece of malicious software masquerading as a Facebook video is hijacking users' Facebook accounts and web browsers, according to independent Italian security researchers who have been investigating the situation.

The malware appears as a link in an email or Facebook message telling people that they have been tagged in a Facebook post. When users go to Facebook and click the link, they are sent to a separate web site and prompted to download a browser extension or plug-in to watch a video, said one of the researchers, Carlo De Micheli, in a telephone interview on Monday.

Once that plug-in is downloaded, the attackers can access everything stored in the browser, including accounts with saved passwords. Many people commonly save email, Facebook and Twitter login data in their browsers, so the attackers can masquerade as the victim and tap those accounts.

De Micheli said the malicious software has been spreading at a rate of about 40,000 attacks an hour and has so far affected more than 800,000 people using Google's popular Chrome browser. It is replicating itself primarily by hijacking victims' Facebook accounts and reaching out to their friends on the social network. A user hit by the malicious software cannot easily remove it, since it blocks access to the browser settings that allow it to be removed and also blocks access to many sites that offer virus removal software.

A spokeswoman for Google, which makes the Chrome browser, said the company was aware of the attack and has already disabled the browser extensions that allowed it.

"When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances," said the spokeswoman, Veronica Navarrete, in a statement. "We've already removed several of these extensions, and are continuing to improve our automated systems to help detect them even faster."

Facebook said that its security systems had also detected the attack and it was working to clear the malicious links.

"In the meantime, we have been blocking people from clicking through the links and have reported the bad browser extensions to the appropriate parties," Michael Kirkland, a Facebook spokesman, said in a statement. "We believe only a small percentage of our users were affected by this issue, and we are currently working with them to ensure that they've removed the bad browser extension."

However, De Micheli said the attackers, who appear to be of Turkish origin based on comments embedded in the software, were adapting the malicious code and had already found a way to target users of Firefox, another popular browser.

This is not the first instance of an attack through a browser extension, which is a bit of software that allows a Web browser to perform specific functions, much like an app does for a smartphone. But this attack appears to be one of the most extensive to use the

"A few years ago, you'd tell your friends, don't click on attachments," De Micheli said. Now, the same advice applies to browser add-ons, he said.

De Micheli said that browser makers should do a better job of warning users that installing a plug-in, like installing a smartphone app, can give the software access to a wide variety of personal information. "People are used to clicking 'accept,'" he said.

De Micheli is an independent security researcher who, along with several other Italian colleagues, has done extensive work tracking unseemly activity on social networks, including the underground market in fake Twitter followers. In the case of the malicious browser extensions, he is working with Andrea Stroppa, Danny di Stefano and Matt Hofman.

Justin O'Kelly, a spokesman for Mozilla, said that users should make sure that they are only installing legitimate software from well-known Web sites that they trust. "Users should be wary of scams or suspicious messages asking them to install software from an unknown site," he said in a statement.

© 2013 The New York Times News Service

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

First Published: Tue, August 27 2013. 23:58 IST