Lately, we have noticed an alarming trend in how Facebook scams are being spread among users. Scammers will exploit every method and medium to disseminate their malware and mayhem. We have seen like-jacking, click-jacking & tag-jacking attacks, rogue applications, the abuse of Facebook messages and chat, browser exploits…you name it.
The last couple of scams we have profiled use rogue browser extensions (sometimes called addons or plug-ins) to propagate on Facebook. This typically occurs by the scammer tricking users into downloading and installing what appears to be a theme, application or required plugin to watch an advertised video.
Two recent examples show this new technique in action.
The first is a scam that advertises a way for Facebook users to install a Christmas Theme just in time for the holidays:
The second is from a scam we profiled last week that used the following wall post to lure in its victims: “Yeahh!! It happens on Live Television!” When users click through the scam links, they are ultimately required to install a plugin so they can watch the promised video. Of course, there is no video, but by the time the user figures it out, it is too late.
Chrome and Firefox are typically the browsers of choice targeted by the scammers. So how do you remove these rogue plugins or addons once your system is infected?
For Firefox users, click the orange “Firefox” tab in the top left corner and then click Add-ons.
This will open up the Add-ons Manager.
Once here, just click the “Extensions” tab on the left and remove anything you don’t recognize or that seems suspect.
If Chrome is your browser of choice, then click the little wrench in the top right corner and select Tools then Extensions.
Again, look at the list of installed extensions and remove anything unusual or suspect.
For Safari users, click the circular gear in the top right corner and then click on ‘Preferences’. Next, click the ‘Extensions’ tab to see a list of what is currently installed.
Finally, for Internet Explorer users, click on the circular gear in the top right corner and then click “Manage add-ons”. Doing so will display the following interface:
Here, you can remove any extensions that look suspicious.
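To review the same list outside the browser UI, for example across several Chrome profiles, the sketch below reads a profile's `Extensions` directory directly and resolves localized extension names. It is an added example, not part of the original post; it assumes the current Chrome on-disk layout `Extensions/<id>/<version>/manifest.json`, and the function names and sample data are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def _load(path):
    """Parse a JSON file; return None if it is missing or malformed."""
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None

def _display_name(version_dir, manifest):
    """Resolve localized names of the form __MSG_key__ from _locales/."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()  # message keys are case-insensitive
    locale = str(manifest.get("default_locale", "en"))
    messages = _load(version_dir / "_locales" / locale / "messages.json")
    for k, v in (messages.items() if isinstance(messages, dict) else ()):
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", name)
    return name  # leave the placeholder visible if it cannot be resolved

def iter_extensions(extensions_dir):
    """Yield (extension id, version directory, display name) per install."""
    for mpath in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = _load(mpath)
        if isinstance(manifest, dict):
            name = _display_name(mpath.parent, manifest)
        else:  # damaged manifest: still list it so it gets reviewed
            name = "<unreadable manifest>"
        yield mpath.parent.parent.name, mpath.parent.name, name

def demo():
    """Build a constructed Extensions directory (not real data) and list it."""
    with tempfile.TemporaryDirectory() as tmp:
        a, b = Path(tmp, "a" * 32, "1.0_0"), Path(tmp, "b" * 32, "2.3_0")
        (a / "_locales" / "en").mkdir(parents=True)
        b.mkdir(parents=True)
        (a / "manifest.json").write_text(json.dumps(
            {"name": "__MSG_extName__", "version": "1.0", "default_locale": "en"}))
        (a / "_locales" / "en" / "messages.json").write_text(
            json.dumps({"extname": {"message": "Christmas Theme (constructed)"}}))
        (b / "manifest.json").write_text("{not json")  # simulate a broken manifest
        return list(iter_extensions(tmp))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `iter_extensions` at the `Extensions` folder inside the Chrome profile you want to audit; anything whose name you do not recognize is a candidate for removal through the browser's Extensions page.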
We have said time and time again to only install Facebook applications from trusted and well-known sources. The same holds true for browser extensions. Pay special attention to user ratings and reviews, the number of downloads and even Google the extension before installation. A little research could save you a lot of trouble down the road.
Just for good measure, you should change your Facebook password and run a full system scan with a competent anti-virus software application.