Another case of malware via video is rapidly spreading via Facebook to Google Chrome users, at the rate of about 40,000 per hour, Italian security researcher Carlo De Micheli told The New York Times’ Bits blog.
De Micheli told Bits the bait for this malware attack is familiar: Facebook users receive emails or messages saying that they were tagged in Facebook posts, and if they click on the enclosed links, they are directed to websites outside of Facebook and prompted to download browser extensions in order to watch the promised videos.
According to De Micheli, via Bits, if users take the bait, the malware plugin can access all information stored in their browsers, including accounts with saved passwords, and it hijacks users’ Facebook accounts and spreads via the social network.
De Micheli told Bits the attackers also apparently adapted the code to target users of another browser, Firefox.
Facebook Communications Manager Michael Kirkland told Bits the social network’s security team detected the attack and was in the process of wiping out the malicious links, adding:
In the meantime, we have been blocking people from clicking through the links and have reported the bad browser extensions to the appropriate parties. We believe only a small percentage of our users were affected by this issue, and we are currently working with them to ensure that they’ve removed the bad browser extension.
And Google Spokeswoman Veronica Navarrete told Bits:
When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances. We’ve already removed several of these extensions, and are continuing to improve our automated systems to help detect them even faster.
Justin O’Kelly, a spokesman for Firefox parent Mozilla, shared the following obvious but often-ignored advice with Bits:
Users should be wary of scams or suspicious messages asking them to install software from an unknown site.
Readers: Were you or any of your friends victimized by this malware attack or similar ones?
Malware screenshot courtesy of Carlo De Micheli, via Bits. Warning image courtesy of Shutterstock.