There is an old saying where I come from that goes, “You can’t be too rich or too beautiful.” Well, in today’s digital world I think it needs to include, “You can’t be too careful online or have too much security.” Time for Facebook (FB) users to take this new advice to heart as several Chrome extensions promoted on FB have been found to install malicious code in the user’s browsers.
In another post, we discussed how social engineering is one of the least expensive means of hacking a user. The bad actors create “bait” of some sort that lures users into clicking on links, opening attachments, or simply handing out personal information. The main way these hacks work is through the imitation of legitimate websites and links.
Now, according to an article in the Hacker News, these bad actors have been fooling FB users into clicking on links to install malware infected Chrome browser extensions. Even though the extensions were available from the Google Chrome Web Store, they were copies of legitimate extensions with malicious code built in that infects the user’s PC when installed. The malware steals passwords and personal information plus can turn the PC into a bot for the purposes of mining cryptocurrencies.
The malicious code takes what it learns from the user’s FB and Instagram accounts and sends infected links to all the user’s contacts in hopes of repeating the infection process. Unfortunately, the malware is resistant to removal. It blacklists certain Google and FB clean-up tools and will hide its browser tab when a user attempts to remove it.
Estimates are that 100,000 users have been infected since March of this year and that $1,000.00 in cryptocurrencies, mostly Monero, were generated in just six days.
There are seven extensions known to be involved (see below). Google has removed them, but security researchers are urging caution as others may still be circulating through social media sites. If you installed any of these extensions, you need to remove them immediately using anti-virus tools and to change your FB and Instagram passwords.
- Divinity 2 Original Sin: Wiki Skill Popup
A friendly reminder is in order here, you really can’t be too careful online. Scams and hacks are increasing in their sophistication. Social media sites are hotbeds of infection and provide the perfect way to rapidly spread malware. Many companies (54% according to some older data) restrict access to such sites from corporate computers for this, among other, reasons.
Another friendly bit of advice regarding privacy, anonymity, and security when communicating via social media…don’t do it and expect to get any of these. For the best secure communication solution currently available, check out CRIP.TO. Our unique combination of hardware and software truly gives you the freedom to communicate fearlessly. Leaving you with more time to work on becoming too rich and too beautiful.
While at our site, check out our ICO coming up soon!