7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords

Luring users on social media to watch lookalike version of pop websites that pop-up a legitimate-looking Chrome extension installation window is 1 of the most mutual modus operandi of cybercriminals to spread malware.

Security researchers are 1 time again alert users of a novel malware drive that has been active since at to the lowest degree March this twelvemonth as well as has already infected to a greater extent than than 100,000 users worldwide.

Dubbed Nigelthorn, the malware is chop-chop spreading through socially engineered links on Facebook as well as infecting victims’ systems amongst malicious browser extensions that pocket their social media credentials, install cryptocurrency miners, as well as engage them inwards click fraud.

The malware was pushed through at to the lowest degree 7 dissimilar Chrome browser extensions—all were hosted on Google's official Chrome Web Store.

These malicious Chrome browser extensions were outset discovered past times researchers at cybersecurity theater Radware, later on a "well-protected network" of 1 of its customers, an unnamed global manufacturing firm, got compromised.

According to a Digimine, emerged final twelvemonth that also worked past times sending socially engineered links over Facebook Messenger as well as installed a malicious extension, allowing attackers to access the victims' Facebook profile as well as spread the same malware to their friends' listing via Messenger.

We lately wrote close some other similar malware campaign, dubbed FacexWorm, that was also distributed past times sending socially engineered links over Facebook Messenger as well as redirected users to mistaken YouTube page, call for them to install a malicious Chrome extension.

NigelThorn Steals Password for Facebook/Instagram Accounts

The novel malware majorly focuses on stealing credentials for victims' Facebook as well as Instagram accounts as well as collecting details from their Facebook accounts.

This stolen information is as well as thus used to ship malicious links to friends of the infected someone inwards an endeavour to force the same malicious extensions further. If whatsoever of those friends click on the link, the whole infection procedure starts over again.

NigelThorn also downloads a publicly available, browser-based cryptocurrency mining tool equally a plugin to trigger the infected systems to start mining cryptocurrencies, including Monero, Bytecoin or Electroneum.

Over the current of but half dozen days, the attackers appeared to generate unopen to $1,000 inwards cryptocurrencies, to a greater extent than frequently than non Monero.

Nigelthorn is also persistent equally to forestall users from removing the malicious extensions, it automatically closes the malicious extension tab each fourth dimension the user opens it prevents removal.

The malware also blacklists a diversity of clean-up tools offered past times Facebook as well as Google as well as fifty-fifty prevents users from making edits, deleting posts as well as making comments.

List of Malicious Chrome Extensions

Here's the bring upwards of all 7 extensions masquerading equally legitimate extensions:

• Nigelify
• PwnerLike
• Alt-j
• Fix-case
• Divinity 2 Original Sin: Wiki Skill Popup
• Keeprivate
• iHabno

Although Google has removed all of the above-listed extensions, if you lot convey installed whatsoever of them, you lot are advised to instantly uninstall it as well as alter passwords for your Facebook, Instagram as well as equally good equally for other accounts where you lot are using the same credentials.

Since Facebook Spam campaigns are quite common, users are advised to move vigilant when clicking on links as well as files provided via the social media site platform.