According to Italian researchers, a piece of malicious software that looks like a Facebook video is making the rounds on the site. When users click on the “video,” the bug hijacks their account and even their web browser.
According to the researchers, the video appears as a link in an email or Facebook message telling a user that they’ve been tagged. Once they click on it, users are prompted to download a browser extension or plug-in. If users complete that step, the real trouble truly begins. Once the download is complete, the hackers can access everything stored in the users’ web browser, including saved passwords and financial information. One of the researchers, Carlo De Michel, told The New York Times that the bug has been spreading at the rate of 40,000 attacks every hour, and has thus far afflicted almost 800,000 users of Google Chrome alone. For its part, Facebook said that it was aware of the attack and working to clear it from the site.
“In the meantime, we have been blocking people from clicking through the links and have reported the bad browser extensions to the appropriate parties,” said Facebook spokesperson Michael Kirkland in a statement. “We believe only a small percentage of our users were affected by this issue, and we are currently working with them to ensure that they’ve removed the bad browser extension.”
If you or a friend are ever effected by a rogue or malicious browser extension, check out the following guide for cleanup instructions: