Security firm Trend Micro detected an attack aimed at users of Google Chrome and Firefox browsers. This threat uses fake extensions for both browsers to infiltrate systems and hijack user accounts of Facebook, Google+ and Twitter. Worst of all is that these malicious files are digitally signed.
Trend Micro advises that through various lures in social networks, users try to install an update to a fake video player, which is nothing a malware TROJ_FEBUSER.AA.
At first the malware was identified as Chrome 5.0.0 Service Pack and in the case of Mozilla Firefox and Mozilla Service Pack 5.0. But once Google Chrome started to detect this plugin as malicious, cyber criminals updated the false plugin and now use malware JS_FEBUSER.AB, which is identified as F-Secure Security Pack 6.1.0 (for Google Chrome) and F- Secure Security Pack 6.1 (for Mozilla Firefox).
When it is installed in the browser, connects to the server and download a configuration file, which the malware uses to hijack social media user accounts and thus be able to perform the following actions:
- Give Likes to pages
- Share posts
- joins Groups
- Invite friends from Groups
- Chat with Friends
- Post comment
- Post status updates.
In addition to having control of the accounts, tries to fool other users to download the malware from the same accounts of social networks.