Microsoft has discovered a new malicious add-on that hijacks Facebook accounts. The add-on is available for Chrome and Firefox and was not found on Safari or Internet Explorer. The trojan, categorised as Trojan:JS/Febipos.A, was found in Brazil.
The plug-in checks whether the user is logged into a Facebook account. If so, it can like a page and post, share content, join a group, invite friends and comment on posts. In other words, it can impersonate you online and do the things you do on Facebook. A similar plug-in was discovered by Bitdefender in the Chrome Store; it hijacked Facebook accounts to get more likes for Facebook pages.
Microsoft found a configuration file that the malware uses to post some common comments from the Facebook page shown below.
The comments look as if they were posted by a young teenager, for example: "Sorry guys, but this is ridiculous!!!", "The coolest tune at the moment. It’s really nice!" and "I don’t have a new car, I don’t have spare cash, but I get really close…"
Microsoft found that the likes, shares and comments on the above page had increased from 2,746 to 3,177 at the time of reporting.
All of the information above is what we found at the time of our analysis. There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time. In any case, we recommend you always keep your security products updated with the latest definitions to help avoid infection.
The malware was detected only in Brazil, and Facebook has blocked the link. This is a reminder that one should always use the official store for downloading applications.