“Facebook Secrets” Malicious Chrome Extension
Google have made many security measures to increase the security of chrome extensions. This by adding patches to fix critical security vulnerabilities and enforcing a policy to allow users install extensions only from Chrome Web Store. TrendMicro security researchers uncovered another malicious attack that are targeting chrome users.
The attack starts by sharing a shortened link that is posted on Twitter and claim to lead to “Facebook Secrets”. The link obviously have no secrets but it leads to an exe file that will execute the malware on victim machine. the executable file will bypass all security measures implemented by Google and create a folder in the extension directory with name for the malicious plugin and a script to be loaded when the victim connect to a URL.
Tweets sharing the fake extension sourced TrendMicro
Each time victim will open chrome browser and navigate to Facebook/Twitter the extension will open a Turkish page that will provide cybercriminal income with click fraud. Using social media for promoting malwares is always on the rise this helps cybercriminal post the malicious links and have more exposure to what they want to share.
To protect your systems be sure to never click or follow shortened links from unknown sources, you can use longurl service to have the real URL and it will be important to install browser extensions only from the official store to avoid fake plugins.