A Kaspersky Lab expert revealed that a malware attack on Facebook led around 10,000 users into infecting their devices after receiving a message from a “friend” who supposedly mentioned them on the social networking site. Contaminated devices were used to hijack accounts to further spread the infection and to enable other malicious activity. The attacks happened between June 24 and 27.
Most of the attacks happened to users in South America, Europe, Tunisia, and Israel. Composed of two stages, the attack begins by downloading a trojan into the user’s computer, bringing with it troubling applications including a malicious Chrome browser extension. Once installed, these allowed for the takeover of the victim’s Facebook profile. A successful attack allows threat actors to change privacy settings, extract data, infect others, post spam, generate fraudulent likes and shares, and ultimately commit identity theft. Additionally, the extension blacklists known security websites as to protect itself from being detected.
People using Windows-based computers saw the highest risk, while those using Windows Mobile may have been targets at some point. Those on the Android and iOS platforms were immune since the malware used libraries incompatible with the mobile operating systems.
Luckily, Facebook has quickly responded to the threat and is blocking techniques used to spread malware from infected hosts. Google has also removed at least one of the malicious extensions from the Chrome Web Store.
“Two aspects of this attack stand out. Firstly, the delivery of the malware was extremely efficient, reaching thousands of users in only 48 hours. Secondly, the response from consumers and the media was almost as fast. Their reaction raised awareness of the campaign and drove prompt action and investigation by the providers concerned,” said Ido Naor, Kaspersky Lab senior security researcher at the global research and analysis team.