The campaign ran primarily in South America, Europe, Tunisia and Israel, delivering messages seemingly from a Facebook friend saying recipients were mentioned in a comment. This was only a ploy for the delivery of a two-stage attack.
First, a Trojan would be downloaded onto the users computer which delivered a Chrome browser extension. This allowed the second step, the usurping of the targets Facebook account.
The miscreants behind the attack were then able to alter privacy settings and siphon data, thus spreading the infection via the victims Facebook friends. The malware also was able to blacklist security sites that might have protected users.
Facebook has blocked the threat and claims it has not observed any further infection attempts. As well, Google removed the suspect extension from its Chrome Web Store.
Kaspersky advised users to run malware scans on their computers and open the Chrome browser to look for anomalous extensions.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now