WARNING: Emails Promoting ‘Business’ Flash Player Lead To Facebook Malware

By David Cohen 

Attention, Google Chrome users: There is no such thing as a “business” Flash player, and downloading any browser extensions billed as such will bring some serious malware with it.

Bitdefender Senior E-Threat Analyst Bogdan Botezatu told PCWorld about the threat, saying that it is being spread through spam emails that direct users to the Chrome Web Store to download business Flash player browser extensions.

Botezatu told PCWorld that once the bogus software is installed, it monitors users’ browser activity and strikes when those users land on pages that they are logged into via Facebook.

In those cases, Botezatu told PCWorld, the malware fetches pieces of JavaScript code that tell it what it can do with users’ Facebook accounts, and it leads to accounts being used to spam friends, post malicious links on news feed and timeline, and automatically like pages without consent.

Another potential risk pointed out by Botezatu to PCWorld: The malware can be used to steal Facebook cookies and gain control of users’ accounts from other computers. He told the magazine:

They can run as many campaigns as they want. All they have to do is fetch a new script. That’s how you can lose your account.

Botezatu told PCWorld antivirus software is likely useless against this type of threat, unless it includes Web filters, adding:

This kind of threat can persist in a browser for quite a long time.

Readers: Have you seen any emails attempting to coerce you into downloading a business Flash player?

Image courtesy of Shutterstock.