According to Italian researchers, a piece of malicious software that looks like a Facebook video is making the rounds on the site. When users click on the “video,” the bug hijacks their account and even their web browser.
According to the researchers, the video appears as a link in an email or Facebook message telling a user that they’ve been tagged. Once they click on it, users are prompted to download a browser extension or plug-in. If users complete that step, the real trouble truly begins. Once the download is complete, the hackers can access everything stored in the users’ web browser, including saved passwords and financial information. One of the researchers, Carlo De Michel, told The New York Times that the bug has been spreading at the rate of 40,000 attacks every hour, and has thus far afflicted almost 800,000 users of Google Chrome alone. For its part, Facebook said that it was aware of the attack and working to clear it from the site.
“In the meantime, we have been blocking people from clicking through the links and have reported the bad browser extensions to the appropriate parties,” said Facebook spokesperson Michael Kirkland in a statement. “We believe only a small percentage of our users were affected by this issue, and we are currently working with them to ensure that they’ve removed the bad browser extension.”
If you or a friend are ever effected by a rogue or malicious browser extension, check out the following guide for cleanup instructions:
SocialSafe helps you to create your library of you. It’s the safest place for your online life. Downloaded to your computer, auto organised and instantly searchable. Supports most major social networks.
BitDefender Safego is a Facebook application you can install that will scan your News Feed and help keep you safe from scams on Facebook.
PRIVATE WiFi® is a Personal VPN that encrypts everything you send and receive. Don’t access Facebook from a public WiFi hotspot without it.