Trend Micro warns of Valentine's Day "malice"

It's never too early to get ready for Valentine's Day, it seems, even when it comes to malicious attacks.

Recently, Trend Micro researchers came across a scam on Facebook that leverages Valentine's Day (14th Feb). The attack begins with a post on affected users' walls inviting other users to install a Valentine's theme into their Facebook profile.

Once users click on this post, they are redirected to another page that urges them to install the theme. Note that this attack only works on either Google Chrome or Mozilla Firefox browsers. Clicking the Install button on the page will prompt the download of the malicious file, FacebookChrome.crx, which Trend Micro detects as TROJ_FOOKBACE.A. When executed, TROJ_FOOKBACE.A runs a script that is capable of displaying ads from certain websites.

It also installs itself on the user's browser as an extension named Facebook Improvement |Facebook.com. Once this malicious browser extension is installed, it monitors the user's browsing activities and redirects their page to a survey page asking for their mobile number. Users who clicked on the post using Internet Explorer (IE) will be redirected to the same survey, without being asked to download anything.

Upon further analysis, Trend Micro discovered that the attack is much more effective if users are using either Google Chrome or Mozilla Firefox. It resembles a legitimate extension download, thus requiring less user interaction than in the case where Internet Explorer is used (in which case the user is redirected to surveys).
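A defender can check for this kind of extension by reading the manifests of what is already installed. The following is an added example, not Trend Micro's code: it assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json` inside a profile, does not cover Firefox, and runs against constructed sample manifests; the function names and the list of broad host patterns are this example's own.

```python
import json
import tempfile
from pathlib import Path

# Extension name as reported in the article; the host patterns are this example's choice.
REPORTED_NAME = "Facebook Improvement |Facebook.com"
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _norm(name):
    """Lower-case and drop whitespace so spacing variants of a name still match."""
    return "".join(name.split()).lower()

def audit_extensions(ext_root):
    """Return (extension_id, name, reasons) for each manifest that needs review."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parts[-3]
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            name = str(data.get("name", ""))  # may be a "__MSG_...__" locale key
        except (OSError, ValueError, AttributeError):
            findings.append((ext_id, "?", ["unreadable manifest"]))
            continue
        # Host access can be granted through permissions or content-script matches.
        patterns = list(data.get("permissions", [])) + list(data.get("host_permissions", []))
        patterns += [m for cs in data.get("content_scripts", [])
                     if isinstance(cs, dict) for m in cs.get("matches", [])]
        broad = sorted({p for p in patterns if isinstance(p, str) and p in BROAD_HOSTS})
        reasons = []
        if _norm(name) == _norm(REPORTED_NAME):
            reasons.append("name matches the extension reported in the article")
        if broad:  # such an extension can observe and rewrite every page visited
            reasons.append("broad host access: " + ", ".join(broad))
        if reasons:
            findings.append((ext_id, name, reasons))
    return findings

def build_sample(root):
    """Write constructed manifests laid out as <root>/<id>/<version>/manifest.json."""
    samples = {
        "a" * 32: {"name": REPORTED_NAME, "permissions": ["tabs", "http://*/*", "https://*/*"]},
        "b" * 32: {"name": "Constructed Notes App", "permissions": ["storage"]},
        "c" * 32: {"name": "Constructed Page Styler", "content_scripts": [{"matches": ["<all_urls>"]}]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for ext_id, name, reasons in audit_extensions(tmp):
            print(ext_id, repr(name), "; ".join(reasons))
```

Broad host access alone is common among legitimate extensions, so the second reason marks an entry for manual review rather than as malicious.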

Suchita Vishnoi, Head Marketing, Trend Micro (India & SAARC), said: "The fact that the attack itself is focused on Chrome and Firefox may mean that cyber criminals are targeting extension-compatible browsers, as well as going after more popular browser choices. This is not the first attack of its kind, but considering this the extension-capable browsers are coming to the forefront now."

She further added, "It is advised that users should inspect such links closely and never click any of the links provided in these. It is typical for spammers to use prominent events/brands such as Reader's Digest, or enticing contests to cloak their malicious schemes. Users should first verify with trusted sources about the existence of these promos to avoid becoming victims of such a ruse. Contacting the organization purportedly behind the message by other means such as actual on-site visitation or a call on their hotline should also work as a way to verify if the message itself is in fact true."
