Bitdefender has detected a Google Chrome app that promises to change the colour of Facebook accounts, but instead nabs authentication cookies and generates dozens of blogs registered to the victim’s Gmail address.
Once the malicious app is installed from Google’s Chrome Web Store, it starts displaying a large Google Ads banner redirecting users to a ‘work from home’ scam. When clicking the sign-up link, users are redirected to a fraudulent website.
“Scammers gave a new twist to the old change-your-Facebook-colour-scheme that’s been luring users to fraudulent websites to grab credentials and other sensitive data,” says Chief Security Strategist Catalin Cosoi at Bitdefender. “By creating dozens of blogs for a single account, the scam spreads like wildfire among Facebook friends.”
The blogs generating under the e-mail address of the victims, which are used in further disseminating the scam, have registered a large number of hits among users in the UK, the US, Germany, Spain, Romania and other countries.
The app can also post wall messages on the victim’s account. The messages use friend tagging to convince the victim’s friends to visit the blog domains. Each time the app posts on a user’s timeline, it links to one of the auto-generated blogs so as to avoid blacklisting.
Bitdefender encourages users to use an antivirus solution and the free application Safego, which protects Facebook and Twitter accounts from scams, spam, malware and private data exposure.