Google Chrome Extension Hijack Facebook Accounts

Google Chrome Web Store may include many useful application but from time to time security researchers uncover a malicious extensions that can be used to infect users. Over this week Maxime Kjaer blogged about finding Chrome extension that can be used by cyber criminal to Hijack Facebook Accounts and launch DDoS attacks or steal victim passwords and more.

The security analyses started by tracking a suspicious links that is circulating Facebook and other social network platforms. Following one of the suspicious links lead to a verification page that is looking to confirm users to be older than 13 years.

The verification will not pass without infecting the system so in order to confirm your age you need to install a Chrome extension called “Viral Content Age Verify” which is the malware that will collect UID the unique string to identify infected system, extension ID and checking the system if it is connected to Facebook with a valid account to post the link and turn the account to be part of the botnet.


Viral Content Age Verify extension on chrome store that Hijack Facebook Accounts

From this case we can see that social network continue to be the preferred method for cyber criminals to spread their malware as it has the feeling of trust because no one will doubt or ignore his first connections on Facebook. Also it provides the fastest way to infect users as they are connected to each others.

According to Maxime Kjaer the Chrome extension were installed by 132,265 users.