We have received reports from our partners in the AV industry about malicious browser extensions trying to hijack Facebook profiles. According to Microsoft, this threat was first discovered in Brazil, but because of the social engineering techniques it uses, it spread quickly to other countries and languages as well.
All Avira products detect it as TR/Febipos.B.2.
The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox.
This trojan monitors the user to see whether they are currently logged in to Facebook. Once the user is logged in, the malware can perform all kinds of actions on their behalf:
- like a page
- share posts
- invite friends
- chat with friends
- comment on a post
You can find more information about this trojan on this page (Microsoft).
This trojan is further proof that staying logged in on social media websites is not always a good idea. Browsers store the user name and password for you, but you should not choose to remain logged in. So please don’t enable “Keep me logged in”. It costs you only one more click to log in once the browser has saved the login details.
Also pay attention to which extensions you install in your browser. Always make sure that an extension comes from a known publisher and that it has a good reputation.
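One way to check what an installed extension is allowed to touch is to read the host patterns in its `manifest.json`. The following is an added example, not code from Avira or Microsoft: it flags manifest entries that give an extension access to Facebook pages. The function names and the two sample manifests are constructed for illustration.

```python
import json

TARGET_HOST = "www.facebook.com"  # the site this trojan acts on, per the post

def host_covers(pattern, host=TARGET_HOST):
    """True if a WebExtension match pattern applies to pages on `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # an API permission name ("tabs") or a non-web scheme
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def facebook_access(manifest):
    """List every manifest entry that lets the extension touch Facebook pages."""
    hits = []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        for p in manifest.get(key, []):
            if isinstance(p, str) and host_covers(p):
                hits.append(f"{key}: {p}")
    for script in manifest.get("content_scripts", []):
        for p in script.get("matches", []):
            if host_covers(p):
                hits.append(f"content_scripts: {p}")
    return hits

def audit(manifests):
    """Map extension name -> list of entries granting Facebook access."""
    report = {name: facebook_access(m) for name, m in manifests.items()}
    return {name: hits for name, hits in report.items() if hits}

# Constructed sample manifests (not taken from any real extension).
SAMPLES = {
    "weather-widget": {"manifest_version": 3, "permissions": ["storage"],
                       "host_permissions": ["https://api.weather.example/*"]},
    "video-helper": {"manifest_version": 2,
                     "permissions": ["tabs", "*://*.facebook.com/*"],
                     "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLES), indent=2))
```

A flagged entry is not proof of malice, since many legitimate extensions request broad host access; it marks the extensions whose publisher and reputation deserve a closer look.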